aws logo
AWS Classic v5.41.0, May 15 23

aws.wafv2.WebAcl

Explore with Pulumi AI

Creates a WAFv2 Web ACL resource.

Note: In field_to_match blocks, e.g., in byte_match_statement, the body block includes an optional argument oversize_handling. AWS indicates this argument will be required starting February 2023. To avoid configurations breaking when that change happens, treat the oversize_handling argument as required as soon as possible.

Example Usage

Managed Rule

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var atp_example = new Aws.WafV2.WebAcl("atp-example", new()
    {
        DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
        {
            Allow = null,
        },
        Description = "Example of a managed ATP rule.",
        Rules = new[]
        {
            new Aws.WafV2.Inputs.WebAclRuleArgs
            {
                Name = "atp-rule-1",
                OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs
                {
                    Count = null,
                },
                Priority = 1,
                Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
                {
                    ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs
                    {
                        ManagedRuleGroupConfigs = new[]
                        {
                            new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs
                            {
                                AwsManagedRulesAtpRuleSet = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs
                                {
                                    LoginPath = "/api/1/signin",
                                    RequestInspection = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs
                                    {
                                        PasswordField = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs
                                        {
                                            Identifier = "/password",
                                        },
                                        PayloadType = "JSON",
                                        UsernameField = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs
                                        {
                                            Identifier = "/email",
                                        },
                                    },
                                    ResponseInspection = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs
                                    {
                                        StatusCode = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs
                                        {
                                            FailureCodes = new[]
                                            {
                                                403,
                                            },
                                            SuccessCodes = new[]
                                            {
                                                200,
                                            },
                                        },
                                    },
                                },
                            },
                        },
                        Name = "AWSManagedRulesATPRuleSet",
                        VendorName = "AWS",
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
        },
        Scope = "CLOUDFRONT",
        VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
        {
            CloudwatchMetricsEnabled = false,
            MetricName = "friendly-metric-name",
            SampledRequestsEnabled = false,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewWebAcl(ctx, "atp-example", &wafv2.WebAclArgs{
			DefaultAction: &wafv2.WebAclDefaultActionArgs{
				Allow: nil,
			},
			Description: pulumi.String("Example of a managed ATP rule."),
			Rules: wafv2.WebAclRuleArray{
				&wafv2.WebAclRuleArgs{
					Name: pulumi.String("atp-rule-1"),
					OverrideAction: &wafv2.WebAclRuleOverrideActionArgs{
						Count: nil,
					},
					Priority: pulumi.Int(1),
					Statement: &wafv2.WebAclRuleStatementArgs{
						ManagedRuleGroupStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{
							ManagedRuleGroupConfigs: wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArray{
								&wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs{
									AwsManagedRulesAtpRuleSet: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs{
										LoginPath: pulumi.String("/api/1/signin"),
										RequestInspection: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs{
											PasswordField: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs{
												Identifier: pulumi.String("/password"),
											},
											PayloadType: pulumi.String("JSON"),
											UsernameField: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs{
												Identifier: pulumi.String("/email"),
											},
										},
										ResponseInspection: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs{
											StatusCode: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs{
												FailureCodes: pulumi.IntArray{
													pulumi.Int(403),
												},
												SuccessCodes: pulumi.IntArray{
													pulumi.Int(200),
												},
											},
										},
									},
								},
							},
							Name:       pulumi.String("AWSManagedRulesATPRuleSet"),
							VendorName: pulumi.String("AWS"),
						},
					},
					VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
			},
			Scope: pulumi.String("CLOUDFRONT"),
			VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(false),
				MetricName:               pulumi.String("friendly-metric-name"),
				SampledRequestsEnabled:   pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionCountArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAcl("example", WebAclArgs.builder()        
            .defaultAction(WebAclDefaultActionArgs.builder()
                .allow()
                .build())
            .description("Example of a managed rule.")
            .rules(WebAclRuleArgs.builder()
                .name("rule-1")
                .overrideAction(WebAclRuleOverrideActionArgs.builder()
                    .count()
                    .build())
                .priority(1)
                .statement(WebAclRuleStatementArgs.builder()
                    .managedRuleGroupStatement(WebAclRuleStatementManagedRuleGroupStatementArgs.builder()
                        .name("AWSManagedRulesCommonRuleSet")
                        .ruleActionOverride(                        
                            %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
                            %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                        .scopeDownStatement(WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs.builder()
                            .geoMatchStatement(WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs.builder()
                                .countryCodes(                                
                                    "US",
                                    "NL")
                                .build())
                            .build())
                        .vendorName("AWS")
                        .build())
                    .build())
                .tokenDomains(                
                    "mywebsite.com",
                    "myotherwebsite.com")
                .visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
                    .cloudwatchMetricsEnabled(false)
                    .metricName("friendly-rule-metric-name")
                    .sampledRequestsEnabled(false)
                    .build())
                .build())
            .scope("REGIONAL")
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .visibilityConfig(WebAclVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

atp_example = aws.wafv2.WebAcl("atp-example",
    default_action=aws.wafv2.WebAclDefaultActionArgs(
        allow=aws.wafv2.WebAclDefaultActionAllowArgs(),
    ),
    description="Example of a managed ATP rule.",
    rules=[aws.wafv2.WebAclRuleArgs(
        name="atp-rule-1",
        override_action=aws.wafv2.WebAclRuleOverrideActionArgs(
            count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),
        ),
        priority=1,
        statement=aws.wafv2.WebAclRuleStatementArgs(
            managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(
                managed_rule_group_configs=[aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs(
                    aws_managed_rules_atp_rule_set=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs(
                        login_path="/api/1/signin",
                        request_inspection=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs(
                            password_field=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs(
                                identifier="/password",
                            ),
                            payload_type="JSON",
                            username_field=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs(
                                identifier="/email",
                            ),
                        ),
                        response_inspection=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs(
                            status_code=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs(
                                failure_codes=[403],
                                success_codes=[200],
                            ),
                        ),
                    ),
                )],
                name="AWSManagedRulesATPRuleSet",
                vendor_name="AWS",
            ),
        ),
        visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
            cloudwatch_metrics_enabled=False,
            metric_name="friendly-rule-metric-name",
            sampled_requests_enabled=False,
        ),
    )],
    scope="CLOUDFRONT",
    visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(
        cloudwatch_metrics_enabled=False,
        metric_name="friendly-metric-name",
        sampled_requests_enabled=False,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const atp_example = new aws.wafv2.WebAcl("atp-example", {
    defaultAction: {
        allow: {},
    },
    description: "Example of a managed ATP rule.",
    rules: [{
        name: "atp-rule-1",
        overrideAction: {
            count: {},
        },
        priority: 1,
        statement: {
            managedRuleGroupStatement: {
                managedRuleGroupConfigs: [{
                    awsManagedRulesAtpRuleSet: {
                        loginPath: "/api/1/signin",
                        requestInspection: {
                            passwordField: {
                                identifier: "/password",
                            },
                            payloadType: "JSON",
                            usernameField: {
                                identifier: "/email",
                            },
                        },
                        responseInspection: {
                            statusCode: {
                                failureCodes: [403],
                                successCodes: [200],
                            },
                        },
                    },
                }],
                name: "AWSManagedRulesATPRuleSet",
                vendorName: "AWS",
            },
        },
        visibilityConfig: {
            cloudwatchMetricsEnabled: false,
            metricName: "friendly-rule-metric-name",
            sampledRequestsEnabled: false,
        },
    }],
    scope: "CLOUDFRONT",
    visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "friendly-metric-name",
        sampledRequestsEnabled: false,
    },
});
resources:
  example:
    type: aws:wafv2:WebAcl
    properties:
      defaultAction:
        allow: {}
      description: Example of a managed rule.
      rules:
        - name: rule-1
          overrideAction:
            count: {}
          priority: 1
          statement:
            managedRuleGroupStatement:
              name: AWSManagedRulesCommonRuleSet
              ruleActionOverride:
                - actionToUse:
                    count: {}
                  name: SizeRestrictions_QUERYSTRING
                - actionToUse:
                    count: {}
                  name: NoUserAgent_HEADER
              scopeDownStatement:
                geoMatchStatement:
                  countryCodes:
                    - US
                    - NL
              vendorName: AWS
          tokenDomains:
            - mywebsite.com
            - myotherwebsite.com
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      scope: REGIONAL
      tags:
        Tag1: Value1
        Tag2: Value2
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

Account Takeover Protection

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.WebAcl("example", new()
    {
        DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
        {
            Allow = null,
        },
        Description = "Example of a Cloudfront rate based statement.",
        Rules = new[]
        {
            new Aws.WafV2.Inputs.WebAclRuleArgs
            {
                Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
                {
                    Block = null,
                },
                Name = "rule-1",
                Priority = 1,
                Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
                {
                    RateBasedStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementArgs
                    {
                        AggregateKeyType = "IP",
                        Limit = 10000,
                        ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs
                        {
                            GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs
                            {
                                CountryCodes = new[]
                                {
                                    "US",
                                    "NL",
                                },
                            },
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
        },
        Scope = "CLOUDFRONT",
        Tags = 
        {
            { "Tag1", "Value1" },
            { "Tag2", "Value2" },
        },
        VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
        {
            CloudwatchMetricsEnabled = false,
            MetricName = "friendly-metric-name",
            SampledRequestsEnabled = false,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
			DefaultAction: &wafv2.WebAclDefaultActionArgs{
				Allow: nil,
			},
			Description: pulumi.String("Example of a Cloudfront rate based statement."),
			Rules: wafv2.WebAclRuleArray{
				&wafv2.WebAclRuleArgs{
					Action: &wafv2.WebAclRuleActionArgs{
						Block: nil,
					},
					Name:     pulumi.String("rule-1"),
					Priority: pulumi.Int(1),
					Statement: &wafv2.WebAclRuleStatementArgs{
						RateBasedStatement: &wafv2.WebAclRuleStatementRateBasedStatementArgs{
							AggregateKeyType: pulumi.String("IP"),
							Limit:            pulumi.Int(10000),
							ScopeDownStatement: &wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs{
								GeoMatchStatement: &wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs{
									CountryCodes: pulumi.StringArray{
										pulumi.String("US"),
										pulumi.String("NL"),
									},
								},
							},
						},
					},
					VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
			},
			Scope: pulumi.String("CLOUDFRONT"),
			Tags: pulumi.StringMap{
				"Tag1": pulumi.String("Value1"),
				"Tag2": pulumi.String("Value2"),
			},
			VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(false),
				MetricName:               pulumi.String("friendly-metric-name"),
				SampledRequestsEnabled:   pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionCountArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var atp_example = new WebAcl("atp-example", WebAclArgs.builder()        
            .defaultAction(WebAclDefaultActionArgs.builder()
                .allow()
                .build())
            .description("Example of a managed ATP rule.")
            .rules(WebAclRuleArgs.builder()
                .name("atp-rule-1")
                .overrideAction(WebAclRuleOverrideActionArgs.builder()
                    .count()
                    .build())
                .priority(1)
                .statement(WebAclRuleStatementArgs.builder()
                    .managedRuleGroupStatement(WebAclRuleStatementManagedRuleGroupStatementArgs.builder()
                        .managedRuleGroupConfigs(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs.builder()
                            .awsManagedRulesAtpRuleSet(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs.builder()
                                .loginPath("/api/1/signin")
                                .requestInspection(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs.builder()
                                    .passwordField(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs.builder()
                                        .identifier("/password")
                                        .build())
                                    .payloadType("JSON")
                                    .usernameField(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs.builder()
                                        .identifier("/email")
                                        .build())
                                    .build())
                                .responseInspection(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs.builder()
                                    .statusCode(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs.builder()
                                        .failureCodes("403")
                                        .successCodes("200")
                                        .build())
                                    .build())
                                .build())
                            .build())
                        .name("AWSManagedRulesATPRuleSet")
                        .vendorName("AWS")
                        .build())
                    .build())
                .visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
                    .cloudwatchMetricsEnabled(false)
                    .metricName("friendly-rule-metric-name")
                    .sampledRequestsEnabled(false)
                    .build())
                .build())
            .scope("CLOUDFRONT")
            .visibilityConfig(WebAclVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.wafv2.WebAcl("example",
    default_action=aws.wafv2.WebAclDefaultActionArgs(
        allow=aws.wafv2.WebAclDefaultActionAllowArgs(),
    ),
    description="Example of a Cloudfront rate based statement.",
    rules=[aws.wafv2.WebAclRuleArgs(
        action=aws.wafv2.WebAclRuleActionArgs(
            block=aws.wafv2.WebAclRuleActionBlockArgs(),
        ),
        name="rule-1",
        priority=1,
        statement=aws.wafv2.WebAclRuleStatementArgs(
            rate_based_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementArgs(
                aggregate_key_type="IP",
                limit=10000,
                scope_down_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs(
                    geo_match_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs(
                        country_codes=[
                            "US",
                            "NL",
                        ],
                    ),
                ),
            ),
        ),
        visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
            cloudwatch_metrics_enabled=False,
            metric_name="friendly-rule-metric-name",
            sampled_requests_enabled=False,
        ),
    )],
    scope="CLOUDFRONT",
    tags={
        "Tag1": "Value1",
        "Tag2": "Value2",
    },
    visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(
        cloudwatch_metrics_enabled=False,
        metric_name="friendly-metric-name",
        sampled_requests_enabled=False,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.WebAcl("example", {
    defaultAction: {
        allow: {},
    },
    description: "Example of a Cloudfront rate based statement.",
    rules: [{
        action: {
            block: {},
        },
        name: "rule-1",
        priority: 1,
        statement: {
            rateBasedStatement: {
                aggregateKeyType: "IP",
                limit: 10000,
                scopeDownStatement: {
                    geoMatchStatement: {
                        countryCodes: [
                            "US",
                            "NL",
                        ],
                    },
                },
            },
        },
        visibilityConfig: {
            cloudwatchMetricsEnabled: false,
            metricName: "friendly-rule-metric-name",
            sampledRequestsEnabled: false,
        },
    }],
    scope: "CLOUDFRONT",
    tags: {
        Tag1: "Value1",
        Tag2: "Value2",
    },
    visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "friendly-metric-name",
        sampledRequestsEnabled: false,
    },
});
resources:
  atp-example:
    type: aws:wafv2:WebAcl
    properties:
      defaultAction:
        allow: {}
      description: Example of a managed ATP rule.
      rules:
        - name: atp-rule-1
          overrideAction:
            count: {}
          priority: 1
          statement:
            managedRuleGroupStatement:
              managedRuleGroupConfigs:
                - awsManagedRulesAtpRuleSet:
                    loginPath: /api/1/signin
                    requestInspection:
                      passwordField:
                        identifier: /password
                      payloadType: JSON
                      usernameField:
                        identifier: /email
                    responseInspection:
                      statusCode:
                        failureCodes:
                          - '403'
                        successCodes:
                          - '200'
              name: AWSManagedRulesATPRuleSet
              vendorName: AWS
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      scope: CLOUDFRONT
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

Rate Based

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.RuleGroup("example", new()
    {
        Capacity = 10,
        Scope = "REGIONAL",
        Rules = new[]
        {
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-1",
                Priority = 1,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Count = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
                    {
                        CountryCodes = new[]
                        {
                            "NL",
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-to-exclude-a",
                Priority = 10,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Allow = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
                    {
                        CountryCodes = new[]
                        {
                            "US",
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-to-exclude-b",
                Priority = 15,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Allow = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
                    {
                        CountryCodes = new[]
                        {
                            "GB",
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
        },
        VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
        {
            CloudwatchMetricsEnabled = false,
            MetricName = "friendly-metric-name",
            SampledRequestsEnabled = false,
        },
    });

    var test = new Aws.WafV2.WebAcl("test", new()
    {
        Scope = "REGIONAL",
        DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
        {
            Block = null,
        },
        Rules = new[]
        {
            new Aws.WafV2.Inputs.WebAclRuleArgs
            {
                Name = "rule-1",
                Priority = 1,
                OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs
                {
                    Count = null,
                },
                Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
                {
                    RuleGroupReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs
                    {
                        Arn = example.Arn,
                        ExcludedRules = new[]
                        {
                            new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs
                            {
                                Name = "rule-to-exclude-b",
                            },
                            new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs
                            {
                                Name = "rule-to-exclude-a",
                            },
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
        },
        Tags = 
        {
            { "Tag1", "Value1" },
            { "Tag2", "Value2" },
        },
        VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
        {
            CloudwatchMetricsEnabled = false,
            MetricName = "friendly-metric-name",
            SampledRequestsEnabled = false,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := wafv2.NewRuleGroup(ctx, "example", &wafv2.RuleGroupArgs{
			Capacity: pulumi.Int(10),
			Scope:    pulumi.String("REGIONAL"),
			Rules: wafv2.RuleGroupRuleArray{
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-1"),
					Priority: pulumi.Int(1),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Count: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
							CountryCodes: pulumi.StringArray{
								pulumi.String("NL"),
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-to-exclude-a"),
					Priority: pulumi.Int(10),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Allow: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
							CountryCodes: pulumi.StringArray{
								pulumi.String("US"),
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-to-exclude-b"),
					Priority: pulumi.Int(15),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Allow: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
							CountryCodes: pulumi.StringArray{
								pulumi.String("GB"),
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
			},
			VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(false),
				MetricName:               pulumi.String("friendly-metric-name"),
				SampledRequestsEnabled:   pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		_, err = wafv2.NewWebAcl(ctx, "test", &wafv2.WebAclArgs{
			Scope: pulumi.String("REGIONAL"),
			DefaultAction: &wafv2.WebAclDefaultActionArgs{
				Block: nil,
			},
			Rules: wafv2.WebAclRuleArray{
				&wafv2.WebAclRuleArgs{
					Name:     pulumi.String("rule-1"),
					Priority: pulumi.Int(1),
					OverrideAction: &wafv2.WebAclRuleOverrideActionArgs{
						Count: nil,
					},
					Statement: &wafv2.WebAclRuleStatementArgs{
						RuleGroupReferenceStatement: &wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs{
							Arn: example.Arn,
							ExcludedRules: wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArray{
								&wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{
									Name: pulumi.String("rule-to-exclude-b"),
								},
								&wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{
									Name: pulumi.String("rule-to-exclude-a"),
								},
							},
						},
					},
					VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
			},
			Tags: pulumi.StringMap{
				"Tag1": pulumi.String("Value1"),
				"Tag2": pulumi.String("Value2"),
			},
			VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(false),
				MetricName:               pulumi.String("friendly-metric-name"),
				SampledRequestsEnabled:   pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAcl("example", WebAclArgs.builder()        
            .defaultAction(WebAclDefaultActionArgs.builder()
                .allow()
                .build())
            .description("Example of a Cloudfront rate based statement.")
            .rules(WebAclRuleArgs.builder()
                .action(WebAclRuleActionArgs.builder()
                    .block()
                    .build())
                .name("rule-1")
                .priority(1)
                .statement(WebAclRuleStatementArgs.builder()
                    .rateBasedStatement(WebAclRuleStatementRateBasedStatementArgs.builder()
                        .aggregateKeyType("IP")
                        .limit(10000)
                        .scopeDownStatement(WebAclRuleStatementRateBasedStatementScopeDownStatementArgs.builder()
                            .geoMatchStatement(WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs.builder()
                                .countryCodes(                                
                                    "US",
                                    "NL")
                                .build())
                            .build())
                        .build())
                    .build())
                .visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
                    .cloudwatchMetricsEnabled(false)
                    .metricName("friendly-rule-metric-name")
                    .sampledRequestsEnabled(false)
                    .build())
                .build())
            .scope("CLOUDFRONT")
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .visibilityConfig(WebAclVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.wafv2.RuleGroup("example",
    capacity=10,
    scope="REGIONAL",
    rules=[
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-1",
            priority=1,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                count=aws.wafv2.RuleGroupRuleActionCountArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
                    country_codes=["NL"],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="friendly-rule-metric-name",
                sampled_requests_enabled=False,
            ),
        ),
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-to-exclude-a",
            priority=10,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
                    country_codes=["US"],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="friendly-rule-metric-name",
                sampled_requests_enabled=False,
            ),
        ),
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-to-exclude-b",
            priority=15,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
                    country_codes=["GB"],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="friendly-rule-metric-name",
                sampled_requests_enabled=False,
            ),
        ),
    ],
    visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(
        cloudwatch_metrics_enabled=False,
        metric_name="friendly-metric-name",
        sampled_requests_enabled=False,
    ))
test = aws.wafv2.WebAcl("test",
    scope="REGIONAL",
    default_action=aws.wafv2.WebAclDefaultActionArgs(
        block=aws.wafv2.WebAclDefaultActionBlockArgs(),
    ),
    rules=[aws.wafv2.WebAclRuleArgs(
        name="rule-1",
        priority=1,
        override_action=aws.wafv2.WebAclRuleOverrideActionArgs(
            count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),
        ),
        statement=aws.wafv2.WebAclRuleStatementArgs(
            rule_group_reference_statement=aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(
                arn=example.arn,
                excluded_rules=[
                    aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(
                        name="rule-to-exclude-b",
                    ),
                    aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(
                        name="rule-to-exclude-a",
                    ),
                ],
            ),
        ),
        visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
            cloudwatch_metrics_enabled=False,
            metric_name="friendly-rule-metric-name",
            sampled_requests_enabled=False,
        ),
    )],
    tags={
        "Tag1": "Value1",
        "Tag2": "Value2",
    },
    visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(
        cloudwatch_metrics_enabled=False,
        metric_name="friendly-metric-name",
        sampled_requests_enabled=False,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.RuleGroup("example", {
    capacity: 10,
    scope: "REGIONAL",
    rules: [
        {
            name: "rule-1",
            priority: 1,
            action: {
                count: {},
            },
            statement: {
                geoMatchStatement: {
                    countryCodes: ["NL"],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "friendly-rule-metric-name",
                sampledRequestsEnabled: false,
            },
        },
        {
            name: "rule-to-exclude-a",
            priority: 10,
            action: {
                allow: {},
            },
            statement: {
                geoMatchStatement: {
                    countryCodes: ["US"],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "friendly-rule-metric-name",
                sampledRequestsEnabled: false,
            },
        },
        {
            name: "rule-to-exclude-b",
            priority: 15,
            action: {
                allow: {},
            },
            statement: {
                geoMatchStatement: {
                    countryCodes: ["GB"],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "friendly-rule-metric-name",
                sampledRequestsEnabled: false,
            },
        },
    ],
    visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "friendly-metric-name",
        sampledRequestsEnabled: false,
    },
});
const test = new aws.wafv2.WebAcl("test", {
    scope: "REGIONAL",
    defaultAction: {
        block: {},
    },
    rules: [{
        name: "rule-1",
        priority: 1,
        overrideAction: {
            count: {},
        },
        statement: {
            ruleGroupReferenceStatement: {
                arn: example.arn,
                excludedRules: [
                    {
                        name: "rule-to-exclude-b",
                    },
                    {
                        name: "rule-to-exclude-a",
                    },
                ],
            },
        },
        visibilityConfig: {
            cloudwatchMetricsEnabled: false,
            metricName: "friendly-rule-metric-name",
            sampledRequestsEnabled: false,
        },
    }],
    tags: {
        Tag1: "Value1",
        Tag2: "Value2",
    },
    visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "friendly-metric-name",
        sampledRequestsEnabled: false,
    },
});
resources:
  example:
    type: aws:wafv2:WebAcl
    properties:
      defaultAction:
        allow: {}
      description: Example of a Cloudfront rate based statement.
      rules:
        - action:
            block: {}
          name: rule-1
          priority: 1
          statement:
            rateBasedStatement:
              aggregateKeyType: IP
              limit: 10000
              scopeDownStatement:
                geoMatchStatement:
                  countryCodes:
                    - US
                    - NL
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      scope: CLOUDFRONT
      tags:
        Tag1: Value1
        Tag2: Value2
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

Rule Group Reference

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionCountArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionCountArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()        
            .capacity(10)
            .scope("REGIONAL")
            .rules(            
                RuleGroupRuleArgs.builder()
                    .name("rule-1")
                    .priority(1)
                    .action(RuleGroupRuleActionArgs.builder()
                        .count()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
                            .countryCodes("NL")
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("friendly-rule-metric-name")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                RuleGroupRuleArgs.builder()
                    .name("rule-to-exclude-a")
                    .priority(10)
                    .action(RuleGroupRuleActionArgs.builder()
                        .allow()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
                            .countryCodes("US")
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("friendly-rule-metric-name")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                RuleGroupRuleArgs.builder()
                    .name("rule-to-exclude-b")
                    .priority(15)
                    .action(RuleGroupRuleActionArgs.builder()
                        .allow()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
                            .countryCodes("GB")
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("friendly-rule-metric-name")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build())
            .visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

        var test = new WebAcl("test", WebAclArgs.builder()        
            .scope("REGIONAL")
            .defaultAction(WebAclDefaultActionArgs.builder()
                .block()
                .build())
            .rules(WebAclRuleArgs.builder()
                .name("rule-1")
                .priority(1)
                .overrideAction(WebAclRuleOverrideActionArgs.builder()
                    .count()
                    .build())
                .statement(WebAclRuleStatementArgs.builder()
                    .ruleGroupReferenceStatement(WebAclRuleStatementRuleGroupReferenceStatementArgs.builder()
                        .arn(example.arn())
                        .excludedRules(                        
                            WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs.builder()
                                .name("rule-to-exclude-b")
                                .build(),
                            WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs.builder()
                                .name("rule-to-exclude-a")
                                .build())
                        .build())
                    .build())
                .visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
                    .cloudwatchMetricsEnabled(false)
                    .metricName("friendly-rule-metric-name")
                    .sampledRequestsEnabled(false)
                    .build())
                .build())
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .visibilityConfig(WebAclVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

    }
}

Coming soon!

Coming soon!

resources:
  example:
    type: aws:wafv2:RuleGroup
    properties:
      capacity: 10
      scope: REGIONAL
      rules:
        - name: rule-1
          priority: 1
          action:
            count: {}
          statement:
            geoMatchStatement:
              countryCodes:
                - NL
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
        - name: rule-to-exclude-a
          priority: 10
          action:
            allow: {}
          statement:
            geoMatchStatement:
              countryCodes:
                - US
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
        - name: rule-to-exclude-b
          priority: 15
          action:
            allow: {}
          statement:
            geoMatchStatement:
              countryCodes:
                - GB
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false
  test:
    type: aws:wafv2:WebAcl
    properties:
      scope: REGIONAL
      defaultAction:
        block: {}
      rules:
        - name: rule-1
          priority: 1
          overrideAction:
            count: {}
          statement:
            ruleGroupReferenceStatement:
              arn: ${example.arn}
              excludedRules:
                - name: rule-to-exclude-b
                - name: rule-to-exclude-a
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      tags:
        Tag1: Value1
        Tag2: Value2
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

Create WebAcl Resource

new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
@overload
def WebAcl(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
           custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
           default_action: Optional[WebAclDefaultActionArgs] = None,
           description: Optional[str] = None,
           name: Optional[str] = None,
           rules: Optional[Sequence[WebAclRuleArgs]] = None,
           scope: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None,
           token_domains: Optional[Sequence[str]] = None,
           visibility_config: Optional[WebAclVisibilityConfigArgs] = None)
@overload
def WebAcl(resource_name: str,
           args: WebAclArgs,
           opts: Optional[ResourceOptions] = None)
func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
public WebAcl(String name, WebAclArgs args)
public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args WebAclArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args WebAclArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args WebAclArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args WebAclArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args WebAclArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

WebAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The WebAcl resource accepts the following input properties:

DefaultAction Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

VisibilityConfig Pulumi.Aws.WafV2.Inputs.WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

CaptchaConfig Pulumi.Aws.WafV2.Inputs.WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

CustomResponseBodies List<Pulumi.Aws.WafV2.Inputs.WebAclCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

Description string

Friendly description of the WebACL.

Name string

Friendly name of the WebACL.

Rules List<Pulumi.Aws.WafV2.Inputs.WebAclRuleArgs>

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

Tags Dictionary<string, string>

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TokenDomains List<string>

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

DefaultAction WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

VisibilityConfig WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

CaptchaConfig WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

CustomResponseBodies []WebAclCustomResponseBodyArgs

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

Description string

Friendly description of the WebACL.

Name string

Friendly name of the WebACL.

Rules []WebAclRuleArgs

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

Tags map[string]string

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TokenDomains []string

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibilityConfig WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

captchaConfig WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

customResponseBodies List<WebAclCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

description String

Friendly description of the WebACL.

name String

Friendly name of the WebACL.

rules List<WebAclRuleArgs>

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

tags Map<String,String>

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tokenDomains List<String>

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibilityConfig WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

captchaConfig WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

customResponseBodies WebAclCustomResponseBodyArgs[]

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

description string

Friendly description of the WebACL.

name string

Friendly name of the WebACL.

rules WebAclRuleArgs[]

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

tags {[key: string]: string}

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tokenDomains string[]

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

default_action WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

scope str

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibility_config WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

captcha_config WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

description str

Friendly description of the WebACL.

name str

Friendly name of the WebACL.

rules Sequence[WebAclRuleArgs]

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

tags Mapping[str, str]

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

token_domains Sequence[str]

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction Property Map

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibilityConfig Property Map

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

captchaConfig Property Map

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

customResponseBodies List<Property Map>

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

description String

Friendly description of the WebACL.

name String

Friendly name of the WebACL.

rules List<Property Map>

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

tags Map<String>

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tokenDomains List<String>

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

Outputs

All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Capacity int

Web ACL capacity units (WCUs) currently being used by this web ACL.

Id string

The provider-assigned unique ID for this managed resource.

LockToken string
TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Capacity int

Web ACL capacity units (WCUs) currently being used by this web ACL.

Id string

The provider-assigned unique ID for this managed resource.

LockToken string
TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity Integer

Web ACL capacity units (WCUs) currently being used by this web ACL.

id String

The provider-assigned unique ID for this managed resource.

lockToken String
tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity number

Web ACL capacity units (WCUs) currently being used by this web ACL.

id string

The provider-assigned unique ID for this managed resource.

lockToken string
tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity int

Web ACL capacity units (WCUs) currently being used by this web ACL.

id str

The provider-assigned unique ID for this managed resource.

lock_token str
tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity Number

Web ACL capacity units (WCUs) currently being used by this web ACL.

id String

The provider-assigned unique ID for this managed resource.

lockToken String
tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing WebAcl Resource

Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        capacity: Optional[int] = None,
        captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
        custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
        default_action: Optional[WebAclDefaultActionArgs] = None,
        description: Optional[str] = None,
        lock_token: Optional[str] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[WebAclRuleArgs]] = None,
        scope: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        token_domains: Optional[Sequence[str]] = None,
        visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAcl
func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Capacity int

Web ACL capacity units (WCUs) currently being used by this web ACL.

CaptchaConfig Pulumi.Aws.WafV2.Inputs.WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

CustomResponseBodies List<Pulumi.Aws.WafV2.Inputs.WebAclCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

DefaultAction Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

Description string

Friendly description of the WebACL.

LockToken string
Name string

Friendly name of the WebACL.

Rules List<Pulumi.Aws.WafV2.Inputs.WebAclRuleArgs>

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

Tags Dictionary<string, string>

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TokenDomains List<string>

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

VisibilityConfig Pulumi.Aws.WafV2.Inputs.WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Capacity int

Web ACL capacity units (WCUs) currently being used by this web ACL.

CaptchaConfig WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

CustomResponseBodies []WebAclCustomResponseBodyArgs

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

DefaultAction WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

Description string

Friendly description of the WebACL.

LockToken string
Name string

Friendly name of the WebACL.

Rules []WebAclRuleArgs

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

Tags map[string]string

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TokenDomains []string

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

VisibilityConfig WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity Integer

Web ACL capacity units (WCUs) currently being used by this web ACL.

captchaConfig WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

customResponseBodies List<WebAclCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

defaultAction WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

description String

Friendly description of the WebACL.

lockToken String
name String

Friendly name of the WebACL.

rules List<WebAclRuleArgs>

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags Map<String,String>

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

tokenDomains List<String>

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

visibilityConfig WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity number

Web ACL capacity units (WCUs) currently being used by this web ACL.

captchaConfig WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

customResponseBodies WebAclCustomResponseBodyArgs[]

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

defaultAction WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

description string

Friendly description of the WebACL.

lockToken string
name string

Friendly name of the WebACL.

rules WebAclRuleArgs[]

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags {[key: string]: string}

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

tokenDomains string[]

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

visibilityConfig WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

arn str

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity int

Web ACL capacity units (WCUs) currently being used by this web ACL.

captcha_config WebAclCaptchaConfigArgs

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

default_action WebAclDefaultActionArgs

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

description str

Friendly description of the WebACL.

lock_token str
name str

Friendly name of the WebACL.

rules Sequence[WebAclRuleArgs]

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

scope str

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags Mapping[str, str]

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

token_domains Sequence[str]

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

visibility_config WebAclVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity Number

Web ACL capacity units (WCUs) currently being used by this web ACL.

captchaConfig Property Map

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

customResponseBodies List<Property Map>

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

defaultAction Property Map

Action to perform if none of the rules contained in the WebACL match. See default_ action below for details.

description String

Friendly description of the WebACL.

lockToken String
name String

Friendly name of the WebACL.

rules List<Property Map>

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags Map<String>

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

tokenDomains List<String>

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

visibilityConfig Property Map

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

Supporting Types

Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

WebAclCaptchaConfig

ImmunityTimeProperty Pulumi.Aws.WafV2.Inputs.WebAclCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunity_time_property WebAclCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty Property Map

Defines custom immunity time. See Immunity Time Property below for details.

WebAclCaptchaConfigImmunityTimeProperty

ImmunityTime int

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclCustomResponseBody

Content string

Payload of the custom response.

ContentType string

Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

Key string

Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

Content string

Payload of the custom response.

ContentType string

Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

Key string

Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content String

Payload of the custom response.

contentType String

Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key String

Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content string

Payload of the custom response.

contentType string

Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key string

Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content str

Payload of the custom response.

content_type str

Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key str

Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content String

Payload of the custom response.

contentType String

Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key String

Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

WebAclDefaultAction

Allow Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionAllow

Specifies that AWS WAF should allow requests by default. See allow below for details.

Block Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionBlock

Specifies that AWS WAF should block requests by default. See block below for details.

Allow WebAclDefaultActionAllow

Specifies that AWS WAF should allow requests by default. See allow below for details.

Block WebAclDefaultActionBlock

Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow

Specifies that AWS WAF should allow requests by default. See allow below for details.

block WebAclDefaultActionBlock

Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow

Specifies that AWS WAF should allow requests by default. See allow below for details.

block WebAclDefaultActionBlock

Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow

Specifies that AWS WAF should allow requests by default. See allow below for details.

block WebAclDefaultActionBlock

Specifies that AWS WAF should block requests by default. See block below for details.

allow Property Map

Specifies that AWS WAF should allow requests by default. See allow below for details.

block Property Map

Specifies that AWS WAF should block requests by default. See block below for details.

WebAclDefaultActionAllow

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclDefaultActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclDefaultActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclDefaultActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See custom_request_handling below for details.

WebAclDefaultActionAllowCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclDefaultActionAllowCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclDefaultActionAllowCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclDefaultActionAllowCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclDefaultActionAllowCustomRequestHandlingInsertHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclDefaultActionBlock

CustomResponse Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

CustomResponse WebAclDefaultActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclDefaultActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclDefaultActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

custom_response WebAclDefaultActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

customResponse Property Map

Defines a custom response for the web request. See custom_response below for details.

WebAclDefaultActionBlockCustomResponse

ResponseCode int

The HTTP status code to return to the client.

CustomResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

ResponseHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionBlockCustomResponseResponseHeader>

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

ResponseCode int

The HTTP status code to return to the client.

CustomResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

ResponseHeaders []WebAclDefaultActionBlockCustomResponseResponseHeader

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Integer

The HTTP status code to return to the client.

customResponseBodyKey String

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode number

The HTTP status code to return to the client.

customResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders WebAclDefaultActionBlockCustomResponseResponseHeader[]

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

response_code int

The HTTP status code to return to the client.

custom_response_body_key str

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

response_headers Sequence[WebAclDefaultActionBlockCustomResponseResponseHeader]

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Number

The HTTP status code to return to the client.

customResponseBodyKey String

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders List<Property Map>

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

WebAclDefaultActionBlockCustomResponseResponseHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclRule

Name string

Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

Priority int

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

Statement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

VisibilityConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

Action Pulumi.Aws.WafV2.Inputs.WebAclRuleAction

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action below for details.

CaptchaConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleCaptchaConfig

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

OverrideAction Pulumi.Aws.WafV2.Inputs.WebAclRuleOverrideAction

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

RuleLabels List<Pulumi.Aws.WafV2.Inputs.WebAclRuleRuleLabel>

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

Name string

Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

Priority int

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

Statement WebAclRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

VisibilityConfig WebAclRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

Action WebAclRuleAction

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action below for details.

CaptchaConfig WebAclRuleCaptchaConfig

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

OverrideAction WebAclRuleOverrideAction

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

RuleLabels []WebAclRuleRuleLabel

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name String

Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

priority Integer

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement WebAclRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

visibilityConfig WebAclRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

action WebAclRuleAction

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action below for details.

captchaConfig WebAclRuleCaptchaConfig

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

overrideAction WebAclRuleOverrideAction

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

ruleLabels List<WebAclRuleRuleLabel>

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name string

Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

priority number

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement WebAclRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

visibilityConfig WebAclRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

action WebAclRuleAction

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action below for details.

captchaConfig WebAclRuleCaptchaConfig

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

overrideAction WebAclRuleOverrideAction

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

ruleLabels WebAclRuleRuleLabel[]

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name str

Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

priority int

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement WebAclRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

visibility_config WebAclRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

action WebAclRuleAction

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action below for details.

captcha_config WebAclRuleCaptchaConfig

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

override_action WebAclRuleOverrideAction

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

rule_labels Sequence[WebAclRuleRuleLabel]

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name String

Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

priority Number

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement Property Map

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

visibilityConfig Property Map

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

action Property Map

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action below for details.

captchaConfig Property Map

Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.

overrideAction Property Map

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

ruleLabels List<Property Map>

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

WebAclRuleAction

Allow Pulumi.Aws.WafV2.Inputs.WebAclRuleActionAllow

Instructs AWS WAF to allow the web request. See allow below for details.

Block Pulumi.Aws.WafV2.Inputs.WebAclRuleActionBlock

Instructs AWS WAF to block the web request. See block below for details.

Captcha Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCaptcha

Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

Challenge Pulumi.Aws.WafV2.Inputs.WebAclRuleActionChallenge

Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

Count Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCount

Instructs AWS WAF to count the web request and allow it. See count below for details.

Allow WebAclRuleActionAllow

Instructs AWS WAF to allow the web request. See allow below for details.

Block WebAclRuleActionBlock

Instructs AWS WAF to block the web request. See block below for details.

Captcha WebAclRuleActionCaptcha

Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

Challenge WebAclRuleActionChallenge

Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

Count WebAclRuleActionCount

Instructs AWS WAF to count the web request and allow it. See count below for details.

allow WebAclRuleActionAllow

Instructs AWS WAF to allow the web request. See allow below for details.

block WebAclRuleActionBlock

Instructs AWS WAF to block the web request. See block below for details.

captcha WebAclRuleActionCaptcha

Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

challenge WebAclRuleActionChallenge

Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

count WebAclRuleActionCount

Instructs AWS WAF to count the web request and allow it. See count below for details.

allow WebAclRuleActionAllow

Instructs AWS WAF to allow the web request. See allow below for details.

block WebAclRuleActionBlock

Instructs AWS WAF to block the web request. See block below for details.

captcha WebAclRuleActionCaptcha

Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

challenge WebAclRuleActionChallenge

Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

count WebAclRuleActionCount

Instructs AWS WAF to count the web request and allow it. See count below for details.

allow WebAclRuleActionAllow

Instructs AWS WAF to allow the web request. See allow below for details.

block WebAclRuleActionBlock

Instructs AWS WAF to block the web request. See block below for details.

captcha WebAclRuleActionCaptcha

Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

challenge WebAclRuleActionChallenge

Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

count WebAclRuleActionCount

Instructs AWS WAF to count the web request and allow it. See count below for details.

allow Property Map

Instructs AWS WAF to allow the web request. See allow below for details.

block Property Map

Instructs AWS WAF to block the web request. See block below for details.

captcha Property Map

Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

challenge Property Map

Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

count Property Map

Instructs AWS WAF to count the web request and allow it. See count below for details.

WebAclRuleActionAllow

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionAllowCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionAllowCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionAllowCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionAllowCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionAllowCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionAllowCustomRequestHandlingInsertHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclRuleActionBlock

CustomResponse Pulumi.Aws.WafV2.Inputs.WebAclRuleActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

CustomResponse WebAclRuleActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclRuleActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclRuleActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

custom_response WebAclRuleActionBlockCustomResponse

Defines a custom response for the web request. See custom_response below for details.

customResponse Property Map

Defines a custom response for the web request. See custom_response below for details.

WebAclRuleActionBlockCustomResponse

ResponseCode int

The HTTP status code to return to the client.

CustomResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

ResponseHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionBlockCustomResponseResponseHeader>

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

ResponseCode int

The HTTP status code to return to the client.

CustomResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

ResponseHeaders []WebAclRuleActionBlockCustomResponseResponseHeader

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Integer

The HTTP status code to return to the client.

customResponseBodyKey String

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode number

The HTTP status code to return to the client.

customResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders WebAclRuleActionBlockCustomResponseResponseHeader[]

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

response_code int

The HTTP status code to return to the client.

custom_response_body_key str

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

response_headers Sequence[WebAclRuleActionBlockCustomResponseResponseHeader]

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Number

The HTTP status code to return to the client.

customResponseBodyKey String

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders List<Property Map>

The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

WebAclRuleActionBlockCustomResponseResponseHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclRuleActionCaptcha

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionCaptchaCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclRuleActionChallenge

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionChallengeCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionChallengeCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionChallengeCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionChallengeCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionChallengeCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionChallengeCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionChallengeCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionChallengeCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionChallengeCustomRequestHandlingInsertHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclRuleActionCount

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionCountCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCountCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionCountCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionCountCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionCountCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionCountCustomRequestHandlingInsertHeader

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

Name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

Value string

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

name string

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value string

Value of the custom header.

name str

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value str

Value of the custom header.

name String

Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

value String

Value of the custom header.

WebAclRuleCaptchaConfig

ImmunityTimeProperty Pulumi.Aws.WafV2.Inputs.WebAclRuleCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunity_time_property WebAclRuleCaptchaConfigImmunityTimeProperty

Defines custom immunity time. See Immunity Time Property below for details.

immunityTimeProperty Property Map

Defines custom immunity time. See Immunity Time Property below for details.

WebAclRuleCaptchaConfigImmunityTimeProperty

ImmunityTime int

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclRuleOverrideAction

Count Pulumi.Aws.WafV2.Inputs.WebAclRuleOverrideActionCount

Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

None Pulumi.Aws.WafV2.Inputs.WebAclRuleOverrideActionNone

Don't override the rule action setting. Configured as an empty block {}.

Count WebAclRuleOverrideActionCount

Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

None WebAclRuleOverrideActionNone

Don't override the rule action setting. Configured as an empty block {}.

count WebAclRuleOverrideActionCount

Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

none WebAclRuleOverrideActionNone

Don't override the rule action setting. Configured as an empty block {}.

count WebAclRuleOverrideActionCount

Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

none WebAclRuleOverrideActionNone

Don't override the rule action setting. Configured as an empty block {}.

count WebAclRuleOverrideActionCount

Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

none WebAclRuleOverrideActionNone

Don't override the rule action setting. Configured as an empty block {}.

count Property Map

Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

none Property Map

Don't override the rule action setting. Configured as an empty block {}.

WebAclRuleRuleLabel

Name string

Label string.

Name string

Label string.

name String

Label string.

name string

Label string.

name str

Label string.

name String

Label string.

WebAclRuleStatement

AndStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

ManagedRuleGroupStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatement

Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.

NotStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

OrStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

RateBasedStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatement

Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

RuleGroupReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatement

Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

AndStatement WebAclRuleStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

ByteMatchStatement WebAclRuleStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement WebAclRuleStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement WebAclRuleStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement

Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.

NotStatement WebAclRuleStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

OrStatement WebAclRuleStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

RateBasedStatement WebAclRuleStatementRateBasedStatement

Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

RegexMatchStatement WebAclRuleStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement

Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.

SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement WebAclRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement WebAclRuleStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement WebAclRuleStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement

Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.

notStatement WebAclRuleStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement WebAclRuleStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

rateBasedStatement WebAclRuleStatementRateBasedStatement

Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

regexMatchStatement WebAclRuleStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement

Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement WebAclRuleStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement

Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.

notStatement WebAclRuleStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement WebAclRuleStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

rateBasedStatement WebAclRuleStatementRateBasedStatement

Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

regexMatchStatement WebAclRuleStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement

Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

and_statement WebAclRuleStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byte_match_statement WebAclRuleStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geo_match_statement WebAclRuleStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ip_set_reference_statement WebAclRuleStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement WebAclRuleStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

managed_rule_group_statement WebAclRuleStatementManagedRuleGroupStatement

Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.

not_statement WebAclRuleStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

or_statement WebAclRuleStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

rate_based_statement WebAclRuleStatementRateBasedStatement

Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

regex_match_statement WebAclRuleStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regex_pattern_set_reference_statement WebAclRuleStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

rule_group_reference_statement WebAclRuleStatementRuleGroupReferenceStatement

Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.

size_constraint_statement WebAclRuleStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqli_match_statement WebAclRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xss_match_statement WebAclRuleStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement Property Map

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement Property Map

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement Property Map

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement Property Map

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

managedRuleGroupStatement Property Map

Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.

notStatement Property Map

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement Property Map

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

rateBasedStatement Property Map

Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

regexMatchStatement Property Map

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement Property Map

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

ruleGroupReferenceStatement Property Map

Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.

sizeConstraintStatement Property Map

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement Property Map

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

WebAclRuleStatementAndStatement

Statements List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatement>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

Statements []WebAclRuleStatementAndStatementStatement

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements List<WebAclRuleStatementAndStatementStatement>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements WebAclRuleStatementAndStatementStatement[]

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements Sequence[WebAclRuleStatementAndStatementStatement]

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements List<Property Map>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

WebAclRuleStatementAndStatementStatement

AndStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

NotStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

OrStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

AndStatement WebAclRuleStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

ByteMatchStatement WebAclRuleStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement WebAclRuleStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement WebAclRuleStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement WebAclRuleStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

NotStatement WebAclRuleStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

OrStatement WebAclRuleStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

RegexMatchStatement WebAclRuleStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement WebAclRuleStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement WebAclRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement WebAclRuleStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement WebAclRuleStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

notStatement WebAclRuleStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement WebAclRuleStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regexMatchStatement WebAclRuleStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement WebAclRuleStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

notStatement WebAclRuleStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement WebAclRuleStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regexMatchStatement WebAclRuleStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

and_statement WebAclRuleStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byte_match_statement WebAclRuleStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geo_match_statement WebAclRuleStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ip_set_reference_statement WebAclRuleStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement WebAclRuleStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

not_statement WebAclRuleStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

or_statement WebAclRuleStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regex_match_statement WebAclRuleStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regex_pattern_set_reference_statement WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

size_constraint_statement WebAclRuleStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqli_match_statement WebAclRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xss_match_statement WebAclRuleStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement Property Map

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement Property Map

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement Property Map

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement Property Map

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

notStatement Property Map

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement Property Map

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regexMatchStatement Property Map

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement Property Map

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement Property Map

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement Property Map

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

WebAclRuleStatementAndStatementStatementAndStatement

Statements List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatement>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

Statements []WebAclRuleStatementAndStatementStatementAndStatementStatement

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements List<WebAclRuleStatementAndStatementStatementAndStatementStatement>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements WebAclRuleStatementAndStatementStatementAndStatementStatement[]

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements Sequence[WebAclRuleStatementAndStatementStatementAndStatementStatement]

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements List<Property Map>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

WebAclRuleStatementAndStatementStatementAndStatementStatement

AndStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

NotStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

OrStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

AndStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

ByteMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

NotStatement WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

OrStatement WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

RegexMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

notStatement WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regexMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

notStatement WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regexMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

and_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byte_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geo_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ip_set_reference_statement WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

not_statement WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

or_statement WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regex_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regex_pattern_set_reference_statement WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

size_constraint_statement WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqli_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xss_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement Property Map

Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

byteMatchStatement Property Map

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement Property Map

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement Property Map

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

notStatement Property Map

Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

orStatement Property Map

Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

regexMatchStatement Property Map

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement Property Map

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement Property Map

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement Property Map

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement

Statements List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

Statements []WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements List<WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement[]

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements Sequence[WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement]

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

statements List<Property Map>

Statements to combine with AND logic. You can use any statements that can be nested. See statement above for details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

ByteMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

GeoMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

IpSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

RegexMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

RegexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

SqliMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

XssMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

byteMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

regexMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

byteMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

regexMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

byte_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geo_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ip_set_reference_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

regex_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regex_pattern_set_reference_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

size_constraint_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqli_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xss_match_statement WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

byteMatchStatement Property Map

Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

geoMatchStatement Property Map

Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

ipSetReferenceStatement Property Map

Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

regexMatchStatement Property Map

Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

regexPatternSetReferenceStatement Property Map

Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement Property Map

Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

xssMatchStatement Property Map

Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement

PositionalConstraint string

Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

SearchString string

String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

TextTransformations List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

FieldToMatch Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

PositionalConstraint string

Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

SearchString string

String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

TextTransformations []WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

FieldToMatch WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint String

Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

searchString String

String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

textTransformations List<WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

fieldToMatch WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint string

Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

searchString string

String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

textTransformations WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation[]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

fieldToMatch WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positional_constraint str

Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

search_string str

String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

text_transformations Sequence[WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

field_to_match WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint String

Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

searchString String

String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

textTransformations List<Property Map>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

fieldToMatch Property Map

Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

AllQueryArguments Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

Cookies Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

Headers List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader>

Inspect the request headers. See headers below for details.

JsonBody Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

Method Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

SingleQueryArgument Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

UriPath Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

Cookies WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

Headers []WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader

Inspect the request headers. See headers below for details.

JsonBody WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

Method WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

SingleQueryArgument WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

UriPath WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

cookies WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

headers List<WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader>

Inspect the request headers. See headers below for details.

jsonBody WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

method WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

singleQueryArgument WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

uriPath WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

cookies WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

headers WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader[]

Inspect the request headers. See headers below for details.

jsonBody WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

method WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

singleQueryArgument WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

uriPath WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

cookies WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

headers Sequence[WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader]

Inspect the request headers. See headers below for details.

json_body WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

method WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

query_string WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

single_header WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

single_query_argument WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

uri_path WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map

Inspect all query arguments.

body Property Map

Inspect the request body, which immediately follows the request headers. See body below for details.

cookies Property Map

Inspect the cookies in the web request. See cookies below for details.

headers List<Property Map>

Inspect the request headers. See headers below for details.

jsonBody Property Map

Inspect the request body as JSON. See json_body for details.

method Property Map

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString Property Map

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader Property Map

Inspect a single header. See single_header below for details.

singleQueryArgument Property Map

Inspect a single query argument. See single_query_argument below for details.

uriPath Property Map

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

OversizeHandling string

What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string

What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String

What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string

What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str

What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String

What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

MatchPatterns List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

match_scope str

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversize_handling str

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern

all Property Map

An empty configuration block that is used for inspecting all headers.

excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader

MatchPattern Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

MatchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

MatchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope String

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

match_scope str

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversize_handling str

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope String

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

All Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

ExcludedHeaders List<string>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

IncludedHeaders List<string>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

ExcludedHeaders []string

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

IncludedHeaders []string

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excludedHeaders List<String>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders List<String>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excludedHeaders string[]

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders string[]

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excluded_headers Sequence[str]

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

included_headers Sequence[str]

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map

An empty configuration block that is used for inspecting all headers.

excludedHeaders List<String>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders List<String>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

MatchPattern Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

MatchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

InvalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

OversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

MatchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

InvalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

OversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope String

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior String

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling String

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

match_scope str

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalid_fallback_behavior str

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversize_handling str

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope String

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior String

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling String

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

all Property Map

An empty configuration block that is used for inspecting all headers.

includedPaths List<String>

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Name string

Name of the query header to inspect. This setting must be provided as lower case characters.

Name string

Name of the query header to inspect. This setting must be provided as lower case characters.

name String

Name of the query header to inspect. This setting must be provided as lower case characters.

name string

Name of the query header to inspect. This setting must be provided as lower case characters.

name str

Name of the query header to inspect. This setting must be provided as lower case characters.

name String

Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Name string

Name of the query header to inspect. This setting must be provided as lower case characters.

Name string

Name of the query header to inspect. This setting must be provided as lower case characters.

name String

Name of the query header to inspect. This setting must be provided as lower case characters.

name string

Name of the query header to inspect. This setting must be provided as lower case characters.

name str

Name of the query header to inspect. This setting must be provided as lower case characters.

name String

Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation

Priority int

Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

Type string

Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int

Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

Type string

Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer

Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type String

Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number

Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type string

Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int

Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type str

Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number

Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type String

Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement

CountryCodes List<string>

Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

ForwardedIpConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

CountryCodes []string

Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

ForwardedIpConfig WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes List<String>

Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwardedIpConfig WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes string[]

Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwardedIpConfig WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

country_codes Sequence[str]

Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwarded_ip_config WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes List<String>

Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwardedIpConfig Property Map

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

FallbackBehavior string

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

Name of the HTTP header to use for the IP address.

FallbackBehavior string

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

Name of the HTTP header to use for the IP address.

fallbackBehavior String

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

Name of the HTTP header to use for the IP address.

fallbackBehavior string

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName string

Name of the HTTP header to use for the IP address.

fallback_behavior str

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

header_name str

Name of the HTTP header to use for the IP address.

fallbackBehavior String

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

Name of the HTTP header to use for the IP address.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

IpSetForwardedIpConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

IpSetForwardedIpConfig WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ipSetForwardedIpConfig WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ipSetForwardedIpConfig WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn str

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ip_set_forwarded_ip_config WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ipSetForwardedIpConfig Property Map

Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

FallbackBehavior string

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

Name of the HTTP header to use for the IP address.

Position string

Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

FallbackBehavior string

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

Name of the HTTP header to use for the IP address.

Position string

Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

Name of the HTTP header to use for the IP address.

position String

Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior string

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName string

Name of the HTTP header to use for the IP address.

position string

Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallback_behavior str

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

header_name str

Name of the HTTP header to use for the IP address.

position str

Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String

Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

Name of the HTTP header to use for the IP address.

position String

Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Key string

String to match against.

Scope string

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

Key string

String to match against.

Scope string

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String

String to match against.

scope String

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key string

String to match against.

scope string

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key str

String to match against.

scope str

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String

String to match against.

scope String

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement

RegexString string

String representing the regular expression. Minimum of 1 and maximum of 512 characters.

TextTransformations List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

FieldToMatch Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

RegexString string

String representing the regular expression. Minimum of 1 and maximum of 512 characters.

TextTransformations []WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

FieldToMatch WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regexString String

String representing the regular expression. Minimum of 1 and maximum of 512 characters.

textTransformations List<WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

fieldToMatch WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regexString string

String representing the regular expression. Minimum of 1 and maximum of 512 characters.

textTransformations WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation[]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

fieldToMatch WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regex_string str

String representing the regular expression. Minimum of 1 and maximum of 512 characters.

text_transformations Sequence[WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

field_to_match WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regexString String

String representing the regular expression. Minimum of 1 and maximum of 512 characters.

textTransformations List<Property Map>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See text_transformation below for details.

fieldToMatch Property Map

The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

AllQueryArguments Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

Cookies Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

Headers List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader>

Inspect the request headers. See headers below for details.

JsonBody Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

Method Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

SingleQueryArgument Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

UriPath Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers. See body below for details.

Cookies WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See cookies below for details.

Headers []WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader

Inspect the request headers. See headers below for details.

JsonBody WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See json_body for details.

Method WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See single_header below for details.

SingleQueryArgument WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See single_query_argument below for details.

UriPath WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.