Viewing docs for AWS v7.27.0
published on Thursday, Apr 23, 2026 by Pulumi
published on Thursday, Apr 23, 2026 by Pulumi
Viewing docs for AWS v7.27.0
published on Thursday, Apr 23, 2026 by Pulumi
published on Thursday, Apr 23, 2026 by Pulumi
Manages an individual rule within a WAFv2 Web ACL. This resource creates proper Terraform dependencies for safe deletion of referenced resources like IP sets, solving the WAFAssociatedItemException error that occurs when deleting IP sets that are still referenced by Web ACL rules.
NOTE: When using this resource, you must add
lifecycle { ignoreChanges = [rule] }to youraws.wafv2.WebAclresource to prevent conflicts. See theaws.wafv2.WebAcldocumentation for a full description of the limitations of inline rules that this resource addresses.
Example Usage
Migrating from Inline Rules
This resource supports a “create-or-adopt” pattern that allows seamless migration from inline Web ACL rules to separate aws.wafv2.WebAclRule resources without infrastructure changes.
When you create an aws.wafv2.WebAclRule resource with the same name as an existing inline rule in the Web ACL, the resource will automatically adopt the existing rule instead of creating a duplicate. This enables zero-downtime migration from inline rules to separate resources.
Starting with inline rules, update your configuration to use separate rule resources and apply:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAcl("example", {
name: "example",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "example",
sampledRequestsEnabled: false,
},
});
// Separate rule resource with identical configuration
const blockCountries = new aws.wafv2.WebAclRule("block_countries", {
name: "block-countries",
priority: 1,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
geoMatchStatement: {
countryCodes: [
"CN",
"RU",
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "block-countries",
sampledRequestsEnabled: false,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAcl("example",
name="example",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": False,
"metric_name": "example",
"sampled_requests_enabled": False,
})
# Separate rule resource with identical configuration
block_countries = aws.wafv2.WebAclRule("block_countries",
name="block-countries",
priority=1,
web_acl_arn=example.arn,
action={
"block": {},
},
statement={
"geo_match_statement": {
"country_codes": [
"CN",
"RU",
],
},
},
visibility_config={
"cloudwatch_metrics_enabled": False,
"metric_name": "block-countries",
"sampled_requests_enabled": False,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("example"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
// Separate rule resource with identical configuration
_, err = wafv2.NewWebAclRule(ctx, "block_countries", &wafv2.WebAclRuleArgs{
Name: pulumi.String("block-countries"),
Priority: pulumi.Int(1),
WebAclArn: example.Arn,
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("CN"),
pulumi.String("RU"),
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("block-countries"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAcl("example", new()
{
Name = "example",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "example",
SampledRequestsEnabled = false,
},
});
// Separate rule resource with identical configuration
var blockCountries = new Aws.WafV2.WebAclRule("block_countries", new()
{
Name = "block-countries",
Priority = 1,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"CN",
"RU",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "block-countries",
SampledRequestsEnabled = false,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAcl("example", WebAclArgs.builder()
.name("example")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("example")
.sampledRequestsEnabled(false)
.build())
.build());
// Separate rule resource with identical configuration
var blockCountries = new WebAclRule("blockCountries", WebAclRuleArgs.builder()
.name("block-countries")
.priority(1)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementGeoMatchStatementArgs.builder()
.countryCodes(
"CN",
"RU")
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("block-countries")
.sampledRequestsEnabled(false)
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAcl
properties:
name: example
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: example
sampledRequestsEnabled: false
# Separate rule resource with identical configuration
blockCountries:
type: aws:wafv2:WebAclRule
name: block_countries
properties:
name: block-countries
priority: 1
webAclArn: ${example.arn}
action:
block: {}
statement:
geoMatchStatement:
countryCodes:
- CN
- RU
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: block-countries
sampledRequestsEnabled: false
Apply the configuration:
pulumi up
The aws.wafv2.WebAclRule resource will adopt the existing inline rule without making any changes to the actual Web ACL infrastructure. The rule continues to function identically, but is now managed as a separate Terraform resource.
- The rule name in the
aws.wafv2.WebAclRuleresource must exactly match the existing inline rule name - Add
lifecycle { ignoreChanges = [rule] }to your Web ACL resource to prevent conflicts - The create-or-adopt behavior only applies when a rule with the same name already exists in the Web ACL
Basic Geo Match Rule
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAcl("example", {
name: "example",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "example",
sampledRequestsEnabled: false,
},
});
const blockCountries = new aws.wafv2.WebAclRule("block_countries", {
name: "block-countries",
priority: 1,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
geoMatchStatement: {
countryCodes: [
"CN",
"RU",
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "block-countries",
sampledRequestsEnabled: false,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAcl("example",
name="example",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": False,
"metric_name": "example",
"sampled_requests_enabled": False,
})
block_countries = aws.wafv2.WebAclRule("block_countries",
name="block-countries",
priority=1,
web_acl_arn=example.arn,
action={
"block": {},
},
statement={
"geo_match_statement": {
"country_codes": [
"CN",
"RU",
],
},
},
visibility_config={
"cloudwatch_metrics_enabled": False,
"metric_name": "block-countries",
"sampled_requests_enabled": False,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("example"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAclRule(ctx, "block_countries", &wafv2.WebAclRuleArgs{
Name: pulumi.String("block-countries"),
Priority: pulumi.Int(1),
WebAclArn: example.Arn,
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("CN"),
pulumi.String("RU"),
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("block-countries"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAcl("example", new()
{
Name = "example",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "example",
SampledRequestsEnabled = false,
},
});
var blockCountries = new Aws.WafV2.WebAclRule("block_countries", new()
{
Name = "block-countries",
Priority = 1,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"CN",
"RU",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "block-countries",
SampledRequestsEnabled = false,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAcl("example", WebAclArgs.builder()
.name("example")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("example")
.sampledRequestsEnabled(false)
.build())
.build());
var blockCountries = new WebAclRule("blockCountries", WebAclRuleArgs.builder()
.name("block-countries")
.priority(1)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementGeoMatchStatementArgs.builder()
.countryCodes(
"CN",
"RU")
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("block-countries")
.sampledRequestsEnabled(false)
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAcl
properties:
name: example
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: example
sampledRequestsEnabled: false
blockCountries:
type: aws:wafv2:WebAclRule
name: block_countries
properties:
name: block-countries
priority: 1
webAclArn: ${example.arn}
action:
block: {}
statement:
geoMatchStatement:
countryCodes:
- CN
- RU
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: block-countries
sampledRequestsEnabled: false
IP Set Reference (Solves Deletion Ordering)
This example demonstrates the primary use case: referencing an IP set in a way that allows safe deletion.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const blockedIps = new aws.wafv2.IpSet("blocked_ips", {
name: "blocked-ips",
scope: "REGIONAL",
ipAddressVersion: "IPV4",
addresses: [
"1.2.3.4/32",
"5.6.7.8/32",
],
});
const example = new aws.wafv2.WebAcl("example", {
name: "example",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example",
sampledRequestsEnabled: true,
},
});
const blockIps = new aws.wafv2.WebAclRule("block_ips", {
name: "block-bad-ips",
priority: 1,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
ipSetReferenceStatement: {
arn: blockedIps.arn,
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "block-bad-ips",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
blocked_ips = aws.wafv2.IpSet("blocked_ips",
name="blocked-ips",
scope="REGIONAL",
ip_address_version="IPV4",
addresses=[
"1.2.3.4/32",
"5.6.7.8/32",
])
example = aws.wafv2.WebAcl("example",
name="example",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example",
"sampled_requests_enabled": True,
})
block_ips = aws.wafv2.WebAclRule("block_ips",
name="block-bad-ips",
priority=1,
web_acl_arn=example.arn,
action={
"block": {},
},
statement={
"ip_set_reference_statement": {
"arn": blocked_ips.arn,
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "block-bad-ips",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
blockedIps, err := wafv2.NewIpSet(ctx, "blocked_ips", &wafv2.IpSetArgs{
Name: pulumi.String("blocked-ips"),
Scope: pulumi.String("REGIONAL"),
IpAddressVersion: pulumi.String("IPV4"),
Addresses: pulumi.StringArray{
pulumi.String("1.2.3.4/32"),
pulumi.String("5.6.7.8/32"),
},
})
if err != nil {
return err
}
example, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAclRule(ctx, "block_ips", &wafv2.WebAclRuleArgs{
Name: pulumi.String("block-bad-ips"),
Priority: pulumi.Int(1),
WebAclArn: example.Arn,
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
IpSetReferenceStatement: &wafv2.WebAclRuleStatementIpSetReferenceStatementArgs{
Arn: blockedIps.Arn,
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("block-bad-ips"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var blockedIps = new Aws.WafV2.IpSet("blocked_ips", new()
{
Name = "blocked-ips",
Scope = "REGIONAL",
IpAddressVersion = "IPV4",
Addresses = new[]
{
"1.2.3.4/32",
"5.6.7.8/32",
},
});
var example = new Aws.WafV2.WebAcl("example", new()
{
Name = "example",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example",
SampledRequestsEnabled = true,
},
});
var blockIps = new Aws.WafV2.WebAclRule("block_ips", new()
{
Name = "block-bad-ips",
Priority = 1,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
IpSetReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementIpSetReferenceStatementArgs
{
Arn = blockedIps.Arn,
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "block-bad-ips",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.IpSet;
import com.pulumi.aws.wafv2.IpSetArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementIpSetReferenceStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var blockedIps = new IpSet("blockedIps", IpSetArgs.builder()
.name("blocked-ips")
.scope("REGIONAL")
.ipAddressVersion("IPV4")
.addresses(
"1.2.3.4/32",
"5.6.7.8/32")
.build());
var example = new WebAcl("example", WebAclArgs.builder()
.name("example")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example")
.sampledRequestsEnabled(true)
.build())
.build());
var blockIps = new WebAclRule("blockIps", WebAclRuleArgs.builder()
.name("block-bad-ips")
.priority(1)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.ipSetReferenceStatement(WebAclRuleStatementIpSetReferenceStatementArgs.builder()
.arn(blockedIps.arn())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("block-bad-ips")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
blockedIps:
type: aws:wafv2:IpSet
name: blocked_ips
properties:
name: blocked-ips
scope: REGIONAL
ipAddressVersion: IPV4
addresses:
- 1.2.3.4/32
- 5.6.7.8/32
example:
type: aws:wafv2:WebAcl
properties:
name: example
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example
sampledRequestsEnabled: true
blockIps:
type: aws:wafv2:WebAclRule
name: block_ips
properties:
name: block-bad-ips
priority: 1
webAclArn: ${example.arn}
action:
block: {}
statement:
ipSetReferenceStatement:
arn: ${blockedIps.arn}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: block-bad-ips
sampledRequestsEnabled: true
Rate-Based Rule
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const rateLimit = new aws.wafv2.WebAclRule("rate_limit", {
name: "rate-limit",
priority: 2,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
rateBasedStatement: {
limit: 2000,
aggregateKeyType: "IP",
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "rate-limit",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
rate_limit = aws.wafv2.WebAclRule("rate_limit",
name="rate-limit",
priority=2,
web_acl_arn=example["arn"],
action={
"block": {},
},
statement={
"rate_based_statement": {
"limit": 2000,
"aggregate_key_type": "IP",
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "rate-limit",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "rate_limit", &wafv2.WebAclRuleArgs{
Name: pulumi.String("rate-limit"),
Priority: pulumi.Int(2),
WebAclArn: pulumi.Any(example.Arn),
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
RateBasedStatement: &wafv2.WebAclRuleStatementRateBasedStatementArgs{
Limit: pulumi.Int(2000),
AggregateKeyType: pulumi.String("IP"),
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("rate-limit"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var rateLimit = new Aws.WafV2.WebAclRule("rate_limit", new()
{
Name = "rate-limit",
Priority = 2,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
RateBasedStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementArgs
{
Limit = 2000,
AggregateKeyType = "IP",
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "rate-limit",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var rateLimit = new WebAclRule("rateLimit", WebAclRuleArgs.builder()
.name("rate-limit")
.priority(2)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.rateBasedStatement(WebAclRuleStatementRateBasedStatementArgs.builder()
.limit(2000)
.aggregateKeyType("IP")
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("rate-limit")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
rateLimit:
type: aws:wafv2:WebAclRule
name: rate_limit
properties:
name: rate-limit
priority: 2
webAclArn: ${example.arn}
action:
block: {}
statement:
rateBasedStatement:
limit: 2000
aggregateKeyType: IP
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: rate-limit
sampledRequestsEnabled: true
Managed Rule Group with Override Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const awsManagedRules = new aws.wafv2.WebAclRule("aws_managed_rules", {
name: "aws-managed-rules",
priority: 3,
webAclArn: example.arn,
overrideAction: {
none: {},
},
statement: {
managedRuleGroupStatement: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "aws-managed-rules",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
aws_managed_rules = aws.wafv2.WebAclRule("aws_managed_rules",
name="aws-managed-rules",
priority=3,
web_acl_arn=example["arn"],
override_action={
"none": {},
},
statement={
"managed_rule_group_statement": {
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "aws-managed-rules",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "aws_managed_rules", &wafv2.WebAclRuleArgs{
Name: pulumi.String("aws-managed-rules"),
Priority: pulumi.Int(3),
WebAclArn: pulumi.Any(example.Arn),
OverrideAction: &wafv2.WebAclRuleOverrideActionArgs{
None: &wafv2.WebAclRuleOverrideActionNoneArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
ManagedRuleGroupStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("aws-managed-rules"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var awsManagedRules = new Aws.WafV2.WebAclRule("aws_managed_rules", new()
{
Name = "aws-managed-rules",
Priority = 3,
WebAclArn = example.Arn,
OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs
{
None = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "aws-managed-rules",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionNoneArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsManagedRules = new WebAclRule("awsManagedRules", WebAclRuleArgs.builder()
.name("aws-managed-rules")
.priority(3)
.webAclArn(example.arn())
.overrideAction(WebAclRuleOverrideActionArgs.builder()
.none(WebAclRuleOverrideActionNoneArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.managedRuleGroupStatement(WebAclRuleStatementManagedRuleGroupStatementArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("aws-managed-rules")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
awsManagedRules:
type: aws:wafv2:WebAclRule
name: aws_managed_rules
properties:
name: aws-managed-rules
priority: 3
webAclArn: ${example.arn}
overrideAction:
none: {}
statement:
managedRuleGroupStatement:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: aws-managed-rules
sampledRequestsEnabled: true
Custom Request Handling
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const captchaWithHeaders = new aws.wafv2.WebAclRule("captcha_with_headers", {
name: "captcha-with-headers",
priority: 4,
webAclArn: example.arn,
action: {
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "x-captcha-rule",
value: "triggered",
}],
},
},
},
statement: {
geoMatchStatement: {
countryCodes: ["US"],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "captcha-with-headers",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
captcha_with_headers = aws.wafv2.WebAclRule("captcha_with_headers",
name="captcha-with-headers",
priority=4,
web_acl_arn=example["arn"],
action={
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "x-captcha-rule",
"value": "triggered",
}],
},
},
},
statement={
"geo_match_statement": {
"country_codes": ["US"],
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "captcha-with-headers",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "captcha_with_headers", &wafv2.WebAclRuleArgs{
Name: pulumi.String("captcha-with-headers"),
Priority: pulumi.Int(4),
WebAclArn: pulumi.Any(example.Arn),
Action: &wafv2.WebAclRuleActionArgs{
Captcha: &wafv2.WebAclRuleActionCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleActionCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("x-captcha-rule"),
Value: pulumi.String("triggered"),
},
},
},
},
},
Statement: &wafv2.WebAclRuleStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("US"),
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("captcha-with-headers"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var captchaWithHeaders = new Aws.WafV2.WebAclRule("captcha_with_headers", new()
{
Name = "captcha-with-headers",
Priority = 4,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Captcha = new Aws.WafV2.Inputs.WebAclRuleActionCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleActionCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "x-captcha-rule",
Value = "triggered",
},
},
},
},
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"US",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "captcha-with-headers",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionCaptchaArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionCaptchaCustomRequestHandlingArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var captchaWithHeaders = new WebAclRule("captchaWithHeaders", WebAclRuleArgs.builder()
.name("captcha-with-headers")
.priority(4)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.captcha(WebAclRuleActionCaptchaArgs.builder()
.customRequestHandling(WebAclRuleActionCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("x-captcha-rule")
.value("triggered")
.build())
.build())
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("US")
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("captcha-with-headers")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
captchaWithHeaders:
type: aws:wafv2:WebAclRule
name: captcha_with_headers
properties:
name: captcha-with-headers
priority: 4
webAclArn: ${example.arn}
action:
captcha:
customRequestHandling:
insertHeaders:
- name: x-captcha-rule
value: triggered
statement:
geoMatchStatement:
countryCodes:
- US
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: captcha-with-headers
sampledRequestsEnabled: true
IP Set Reference
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const blockedIps = new aws.wafv2.WebAclRule("blocked_ips", {
name: "blocked-ips",
priority: 1,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
ipSetReferenceStatement: {
arn: blockedIpsAwsWafv2IpSet.arn,
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "block-bad-ips",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
blocked_ips = aws.wafv2.WebAclRule("blocked_ips",
name="blocked-ips",
priority=1,
web_acl_arn=example["arn"],
action={
"block": {},
},
statement={
"ip_set_reference_statement": {
"arn": blocked_ips_aws_wafv2_ip_set["arn"],
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "block-bad-ips",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "blocked_ips", &wafv2.WebAclRuleArgs{
Name: pulumi.String("blocked-ips"),
Priority: pulumi.Int(1),
WebAclArn: pulumi.Any(example.Arn),
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
IpSetReferenceStatement: &wafv2.WebAclRuleStatementIpSetReferenceStatementArgs{
Arn: pulumi.Any(blockedIpsAwsWafv2IpSet.Arn),
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("block-bad-ips"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var blockedIps = new Aws.WafV2.WebAclRule("blocked_ips", new()
{
Name = "blocked-ips",
Priority = 1,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
IpSetReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementIpSetReferenceStatementArgs
{
Arn = blockedIpsAwsWafv2IpSet.Arn,
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "block-bad-ips",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementIpSetReferenceStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var blockedIps = new WebAclRule("blockedIps", WebAclRuleArgs.builder()
.name("blocked-ips")
.priority(1)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.ipSetReferenceStatement(WebAclRuleStatementIpSetReferenceStatementArgs.builder()
.arn(blockedIpsAwsWafv2IpSet.arn())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("block-bad-ips")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
blockedIps:
type: aws:wafv2:WebAclRule
name: blocked_ips
properties:
name: blocked-ips
priority: 1
webAclArn: ${example.arn}
action:
block: {}
statement:
ipSetReferenceStatement:
arn: ${blockedIpsAwsWafv2IpSet.arn}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: block-bad-ips
sampledRequestsEnabled: true
With this configuration, when you remove both the aws.wafv2.WebAclRule and aws.wafv2.IpSet resources, Terraform will:
- Delete the rule first (removing the reference from the Web ACL)
- Delete the IP set second (now safe because it’s no longer referenced)
This prevents the WAFAssociatedItemException error.
Logical AND Statement
Block requests that match multiple conditions (e.g., from a specific country AND containing a specific string):
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const blockSuspicious = new aws.wafv2.WebAclRule("block_suspicious", {
name: "block-suspicious",
priority: 1,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
andStatement: {
statements: [
{
geoMatchStatement: {
countryCodes: ["CN"],
},
},
{
byteMatchStatement: {
searchString: "admin",
positionalConstraint: "CONTAINS",
fieldToMatch: {
uriPath: {},
},
textTransformations: [{
priority: 0,
type: "LOWERCASE",
}],
},
},
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "block-suspicious",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
block_suspicious = aws.wafv2.WebAclRule("block_suspicious",
name="block-suspicious",
priority=1,
web_acl_arn=example["arn"],
action={
"block": {},
},
statement={
"and_statement": {
"statements": [
{
"geo_match_statement": {
"country_codes": ["CN"],
},
},
{
"byte_match_statement": {
"search_string": "admin",
"positional_constraint": "CONTAINS",
"field_to_match": {
"uri_path": {},
},
"text_transformations": [{
"priority": 0,
"type": "LOWERCASE",
}],
},
},
],
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "block-suspicious",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "block_suspicious", &wafv2.WebAclRuleArgs{
Name: pulumi.String("block-suspicious"),
Priority: pulumi.Int(1),
WebAclArn: pulumi.Any(example.Arn),
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
AndStatement: &wafv2.WebAclRuleStatementAndStatementArgs{
Statements: wafv2.WebAclRuleStatementArray{
&wafv2.WebAclRuleStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("CN"),
},
},
},
&wafv2.WebAclRuleStatementArgs{
ByteMatchStatement: &wafv2.WebAclRuleStatementByteMatchStatementArgs{
SearchString: pulumi.String("admin"),
PositionalConstraint: pulumi.String("CONTAINS"),
FieldToMatch: &wafv2.WebAclRuleStatementByteMatchStatementFieldToMatchArgs{
UriPath: &wafv2.WebAclRuleStatementByteMatchStatementFieldToMatchUriPathArgs{},
},
TextTransformations: wafv2.WebAclRuleStatementByteMatchStatementTextTransformationArray{
&wafv2.WebAclRuleStatementByteMatchStatementTextTransformationArgs{
Priority: pulumi.Int(0),
Type: pulumi.String("LOWERCASE"),
},
},
},
},
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("block-suspicious"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var blockSuspicious = new Aws.WafV2.WebAclRule("block_suspicious", new()
{
Name = "block-suspicious",
Priority = 1,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
AndStatement = new Aws.WafV2.Inputs.WebAclRuleStatementAndStatementArgs
{
Statements = new[]
{
new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"CN",
},
},
},
new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
ByteMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementArgs
{
SearchString = "admin",
PositionalConstraint = "CONTAINS",
FieldToMatch = new Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchArgs
{
UriPath = null,
},
TextTransformations = new[]
{
new Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementTextTransformationArgs
{
Priority = 0,
Type = "LOWERCASE",
},
},
},
},
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "block-suspicious",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementAndStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var blockSuspicious = new WebAclRule("blockSuspicious", WebAclRuleArgs.builder()
.name("block-suspicious")
.priority(1)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.andStatement(WebAclRuleStatementAndStatementArgs.builder()
.statements(
WebAclRuleStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("CN")
.build())
.build(),
WebAclRuleStatementArgs.builder()
.byteMatchStatement(WebAclRuleStatementByteMatchStatementArgs.builder()
.searchString("admin")
.positionalConstraint("CONTAINS")
.fieldToMatch(WebAclRuleStatementByteMatchStatementFieldToMatchArgs.builder()
.uriPath(WebAclRuleStatementByteMatchStatementFieldToMatchUriPathArgs.builder()
.build())
.build())
.textTransformations(WebAclRuleStatementByteMatchStatementTextTransformationArgs.builder()
.priority(0)
.type("LOWERCASE")
.build())
.build())
.build())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("block-suspicious")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
blockSuspicious:
type: aws:wafv2:WebAclRule
name: block_suspicious
properties:
name: block-suspicious
priority: 1
webAclArn: ${example.arn}
action:
block: {}
statement:
andStatement:
statements:
- geoMatchStatement:
countryCodes:
- CN
- byteMatchStatement:
searchString: admin
positionalConstraint: CONTAINS
fieldToMatch:
uriPath: {}
textTransformations:
- priority: 0
type: LOWERCASE
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: block-suspicious
sampledRequestsEnabled: true
Logical OR Statement
Block requests that match any of multiple conditions:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const blockCountries = new aws.wafv2.WebAclRule("block_countries", {
name: "block-countries",
priority: 2,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
orStatement: {
statements: [
{
geoMatchStatement: {
countryCodes: ["CN"],
},
},
{
geoMatchStatement: {
countryCodes: ["RU"],
},
},
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "block-countries",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
block_countries = aws.wafv2.WebAclRule("block_countries",
name="block-countries",
priority=2,
web_acl_arn=example["arn"],
action={
"block": {},
},
statement={
"or_statement": {
"statements": [
{
"geo_match_statement": {
"country_codes": ["CN"],
},
},
{
"geo_match_statement": {
"country_codes": ["RU"],
},
},
],
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "block-countries",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "block_countries", &wafv2.WebAclRuleArgs{
Name: pulumi.String("block-countries"),
Priority: pulumi.Int(2),
WebAclArn: pulumi.Any(example.Arn),
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
OrStatement: &wafv2.WebAclRuleStatementOrStatementArgs{
Statements: wafv2.WebAclRuleStatementArray{
&wafv2.WebAclRuleStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("CN"),
},
},
},
&wafv2.WebAclRuleStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("RU"),
},
},
},
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("block-countries"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var blockCountries = new Aws.WafV2.WebAclRule("block_countries", new()
{
Name = "block-countries",
Priority = 2,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
OrStatement = new Aws.WafV2.Inputs.WebAclRuleStatementOrStatementArgs
{
Statements = new[]
{
new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"CN",
},
},
},
new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"RU",
},
},
},
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "block-countries",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementOrStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var blockCountries = new WebAclRule("blockCountries", WebAclRuleArgs.builder()
.name("block-countries")
.priority(2)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.orStatement(WebAclRuleStatementOrStatementArgs.builder()
.statements(
WebAclRuleStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("CN")
.build())
.build(),
WebAclRuleStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("RU")
.build())
.build())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("block-countries")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
blockCountries:
type: aws:wafv2:WebAclRule
name: block_countries
properties:
name: block-countries
priority: 2
webAclArn: ${example.arn}
action:
block: {}
statement:
orStatement:
statements:
- geoMatchStatement:
countryCodes:
- CN
- geoMatchStatement:
countryCodes:
- RU
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: block-countries
sampledRequestsEnabled: true
Logical NOT Statement
Allow requests only from specific countries by negating a geo match:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const allowOnlyUs = new aws.wafv2.WebAclRule("allow_only_us", {
name: "allow-only-us",
priority: 3,
webAclArn: example.arn,
action: {
block: {},
},
statement: {
notStatement: {
statement: {
geoMatchStatement: {
countryCodes: [
"US",
"CA",
],
},
},
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "allow-only-us",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
allow_only_us = aws.wafv2.WebAclRule("allow_only_us",
name="allow-only-us",
priority=3,
web_acl_arn=example["arn"],
action={
"block": {},
},
statement={
"not_statement": {
"statement": {
"geo_match_statement": {
"country_codes": [
"US",
"CA",
],
},
},
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "allow-only-us",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRule(ctx, "allow_only_us", &wafv2.WebAclRuleArgs{
Name: pulumi.String("allow-only-us"),
Priority: pulumi.Int(3),
WebAclArn: pulumi.Any(example.Arn),
Action: &wafv2.WebAclRuleActionArgs{
Block: &wafv2.WebAclRuleActionBlockArgs{},
},
Statement: &wafv2.WebAclRuleStatementArgs{
NotStatement: &wafv2.WebAclRuleStatementNotStatementArgs{
Statement: &wafv2.WebAclRuleStatementNotStatementStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementNotStatementStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("US"),
pulumi.String("CA"),
},
},
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("allow-only-us"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var allowOnlyUs = new Aws.WafV2.WebAclRule("allow_only_us", new()
{
Name = "allow-only-us",
Priority = 3,
WebAclArn = example.Arn,
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
NotStatement = new Aws.WafV2.Inputs.WebAclRuleStatementNotStatementArgs
{
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementNotStatementStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementNotStatementStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"US",
"CA",
},
},
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "allow-only-us",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRule;
import com.pulumi.aws.wafv2.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementNotStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementNotStatementStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementNotStatementStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var allowOnlyUs = new WebAclRule("allowOnlyUs", WebAclRuleArgs.builder()
.name("allow-only-us")
.priority(3)
.webAclArn(example.arn())
.action(WebAclRuleActionArgs.builder()
.block(WebAclRuleActionBlockArgs.builder()
.build())
.build())
.statement(WebAclRuleStatementArgs.builder()
.notStatement(WebAclRuleStatementNotStatementArgs.builder()
.statement(WebAclRuleStatementNotStatementStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementNotStatementStatementGeoMatchStatementArgs.builder()
.countryCodes(
"US",
"CA")
.build())
.build())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("allow-only-us")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
allowOnlyUs:
type: aws:wafv2:WebAclRule
name: allow_only_us
properties:
name: allow-only-us
priority: 3
webAclArn: ${example.arn}
action:
block: {}
statement:
notStatement:
statement:
geoMatchStatement:
countryCodes:
- US
- CA
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: allow-only-us
sampledRequestsEnabled: true
Create WebAclRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WebAclRule(name: string, args: WebAclRuleArgs, opts?: CustomResourceOptions);@overload
def WebAclRule(resource_name: str,
args: WebAclRuleInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WebAclRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
priority: Optional[int] = None,
web_acl_arn: Optional[str] = None,
action: Optional[WebAclRuleActionArgs] = None,
captcha_config: Optional[WebAclRuleCaptchaConfigArgs] = None,
challenge_config: Optional[WebAclRuleChallengeConfigArgs] = None,
name: Optional[str] = None,
override_action: Optional[WebAclRuleOverrideActionArgs] = None,
region: Optional[str] = None,
rule_labels: Optional[Sequence[WebAclRuleRuleLabelArgs]] = None,
statement: Optional[WebAclRuleStatementArgs] = None,
timeouts: Optional[WebAclRuleTimeoutsArgs] = None,
visibility_config: Optional[WebAclRuleVisibilityConfigArgs] = None)func NewWebAclRule(ctx *Context, name string, args WebAclRuleArgs, opts ...ResourceOption) (*WebAclRule, error)public WebAclRule(string name, WebAclRuleArgs args, CustomResourceOptions? opts = null)
public WebAclRule(String name, WebAclRuleArgs args)
public WebAclRule(String name, WebAclRuleArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WebAclRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclRuleInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
WebAclRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WebAclRule resource accepts the following input properties:
- Priority int
- Rule priority. Rules with lower priority are evaluated first.
- Web
Acl stringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- Action
Web
Acl Rule Action - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - Captcha
Config WebAcl Rule Captcha Config - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- Challenge
Config WebAcl Rule Challenge Config - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- Name string
- Name of the rule. Must be unique within the Web ACL.
- Override
Action WebAcl Rule Override Action - Override action for managed rule groups. See Override Action below. Conflicts with
action. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Labels List<WebAcl Rule Rule Label> - Labels to apply to matching web requests. See Rule Label below.
- Statement
Web
Acl Rule Statement - Rule statement. See Statement below.
- Timeouts
Web
Acl Rule Timeouts - Visibility
Config WebAcl Rule Visibility Config - CloudWatch metrics configuration. See Visibility Config below.
- Priority int
- Rule priority. Rules with lower priority are evaluated first.
- Web
Acl stringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- Action
Web
Acl Rule Action Args - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - Captcha
Config WebAcl Rule Captcha Config Args - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- Challenge
Config WebAcl Rule Challenge Config Args - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- Name string
- Name of the rule. Must be unique within the Web ACL.
- Override
Action WebAcl Rule Override Action Args - Override action for managed rule groups. See Override Action below. Conflicts with
action. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Labels []WebAcl Rule Rule Label Args - Labels to apply to matching web requests. See Rule Label below.
- Statement
Web
Acl Rule Statement Args - Rule statement. See Statement below.
- Timeouts
Web
Acl Rule Timeouts Args - Visibility
Config WebAcl Rule Visibility Config Args - CloudWatch metrics configuration. See Visibility Config below.
- priority Integer
- Rule priority. Rules with lower priority are evaluated first.
- web
Acl StringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action
Web
Acl Rule Action - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha
Config WebAcl Rule Captcha Config - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge
Config WebAcl Rule Challenge Config - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name String
- Name of the rule. Must be unique within the Web ACL.
- override
Action WebAcl Rule Override Action - Override action for managed rule groups. See Override Action below. Conflicts with
action. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Labels List<WebAcl Rule Rule Label> - Labels to apply to matching web requests. See Rule Label below.
- statement
Web
Acl Rule Statement - Rule statement. See Statement below.
- timeouts
Web
Acl Rule Timeouts - visibility
Config WebAcl Rule Visibility Config - CloudWatch metrics configuration. See Visibility Config below.
- priority number
- Rule priority. Rules with lower priority are evaluated first.
- web
Acl stringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action
Web
Acl Rule Action - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha
Config WebAcl Rule Captcha Config - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge
Config WebAcl Rule Challenge Config - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name string
- Name of the rule. Must be unique within the Web ACL.
- override
Action WebAcl Rule Override Action - Override action for managed rule groups. See Override Action below. Conflicts with
action. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Labels WebAcl Rule Rule Label[] - Labels to apply to matching web requests. See Rule Label below.
- statement
Web
Acl Rule Statement - Rule statement. See Statement below.
- timeouts
Web
Acl Rule Timeouts - visibility
Config WebAcl Rule Visibility Config - CloudWatch metrics configuration. See Visibility Config below.
- priority int
- Rule priority. Rules with lower priority are evaluated first.
- web_
acl_ strarn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action
Web
Acl Rule Action Args - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha_
config WebAcl Rule Captcha Config Args - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge_
config WebAcl Rule Challenge Config Args - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name str
- Name of the rule. Must be unique within the Web ACL.
- override_
action WebAcl Rule Override Action Args - Override action for managed rule groups. See Override Action below. Conflicts with
action. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule_
labels Sequence[WebAcl Rule Rule Label Args] - Labels to apply to matching web requests. See Rule Label below.
- statement
Web
Acl Rule Statement Args - Rule statement. See Statement below.
- timeouts
Web
Acl Rule Timeouts Args - visibility_
config WebAcl Rule Visibility Config Args - CloudWatch metrics configuration. See Visibility Config below.
- priority Number
- Rule priority. Rules with lower priority are evaluated first.
- web
Acl StringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action Property Map
- Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha
Config Property Map - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge
Config Property Map - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name String
- Name of the rule. Must be unique within the Web ACL.
- override
Action Property Map - Override action for managed rule groups. See Override Action below. Conflicts with
action. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Labels List<Property Map> - Labels to apply to matching web requests. See Rule Label below.
- statement Property Map
- Rule statement. See Statement below.
- timeouts Property Map
- visibility
Config Property Map - CloudWatch metrics configuration. See Visibility Config below.
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAclRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing WebAclRule Resource
Get an existing WebAclRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclRuleState, opts?: CustomResourceOptions): WebAclRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[WebAclRuleActionArgs] = None,
captcha_config: Optional[WebAclRuleCaptchaConfigArgs] = None,
challenge_config: Optional[WebAclRuleChallengeConfigArgs] = None,
name: Optional[str] = None,
override_action: Optional[WebAclRuleOverrideActionArgs] = None,
priority: Optional[int] = None,
region: Optional[str] = None,
rule_labels: Optional[Sequence[WebAclRuleRuleLabelArgs]] = None,
statement: Optional[WebAclRuleStatementArgs] = None,
timeouts: Optional[WebAclRuleTimeoutsArgs] = None,
visibility_config: Optional[WebAclRuleVisibilityConfigArgs] = None,
web_acl_arn: Optional[str] = None) -> WebAclRulefunc GetWebAclRule(ctx *Context, name string, id IDInput, state *WebAclRuleState, opts ...ResourceOption) (*WebAclRule, error)public static WebAclRule Get(string name, Input<string> id, WebAclRuleState? state, CustomResourceOptions? opts = null)public static WebAclRule get(String name, Output<String> id, WebAclRuleState state, CustomResourceOptions options)resources: _: type: aws:wafv2:WebAclRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action
Web
Acl Rule Action - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - Captcha
Config WebAcl Rule Captcha Config - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- Challenge
Config WebAcl Rule Challenge Config - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- Name string
- Name of the rule. Must be unique within the Web ACL.
- Override
Action WebAcl Rule Override Action - Override action for managed rule groups. See Override Action below. Conflicts with
action. - Priority int
- Rule priority. Rules with lower priority are evaluated first.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Labels List<WebAcl Rule Rule Label> - Labels to apply to matching web requests. See Rule Label below.
- Statement
Web
Acl Rule Statement - Rule statement. See Statement below.
- Timeouts
Web
Acl Rule Timeouts - Visibility
Config WebAcl Rule Visibility Config - CloudWatch metrics configuration. See Visibility Config below.
- Web
Acl stringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- Action
Web
Acl Rule Action Args - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - Captcha
Config WebAcl Rule Captcha Config Args - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- Challenge
Config WebAcl Rule Challenge Config Args - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- Name string
- Name of the rule. Must be unique within the Web ACL.
- Override
Action WebAcl Rule Override Action Args - Override action for managed rule groups. See Override Action below. Conflicts with
action. - Priority int
- Rule priority. Rules with lower priority are evaluated first.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Labels []WebAcl Rule Rule Label Args - Labels to apply to matching web requests. See Rule Label below.
- Statement
Web
Acl Rule Statement Args - Rule statement. See Statement below.
- Timeouts
Web
Acl Rule Timeouts Args - Visibility
Config WebAcl Rule Visibility Config Args - CloudWatch metrics configuration. See Visibility Config below.
- Web
Acl stringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action
Web
Acl Rule Action - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha
Config WebAcl Rule Captcha Config - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge
Config WebAcl Rule Challenge Config - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name String
- Name of the rule. Must be unique within the Web ACL.
- override
Action WebAcl Rule Override Action - Override action for managed rule groups. See Override Action below. Conflicts with
action. - priority Integer
- Rule priority. Rules with lower priority are evaluated first.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Labels List<WebAcl Rule Rule Label> - Labels to apply to matching web requests. See Rule Label below.
- statement
Web
Acl Rule Statement - Rule statement. See Statement below.
- timeouts
Web
Acl Rule Timeouts - visibility
Config WebAcl Rule Visibility Config - CloudWatch metrics configuration. See Visibility Config below.
- web
Acl StringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action
Web
Acl Rule Action - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha
Config WebAcl Rule Captcha Config - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge
Config WebAcl Rule Challenge Config - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name string
- Name of the rule. Must be unique within the Web ACL.
- override
Action WebAcl Rule Override Action - Override action for managed rule groups. See Override Action below. Conflicts with
action. - priority number
- Rule priority. Rules with lower priority are evaluated first.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Labels WebAcl Rule Rule Label[] - Labels to apply to matching web requests. See Rule Label below.
- statement
Web
Acl Rule Statement - Rule statement. See Statement below.
- timeouts
Web
Acl Rule Timeouts - visibility
Config WebAcl Rule Visibility Config - CloudWatch metrics configuration. See Visibility Config below.
- web
Acl stringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action
Web
Acl Rule Action Args - Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha_
config WebAcl Rule Captcha Config Args - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge_
config WebAcl Rule Challenge Config Args - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name str
- Name of the rule. Must be unique within the Web ACL.
- override_
action WebAcl Rule Override Action Args - Override action for managed rule groups. See Override Action below. Conflicts with
action. - priority int
- Rule priority. Rules with lower priority are evaluated first.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule_
labels Sequence[WebAcl Rule Rule Label Args] - Labels to apply to matching web requests. See Rule Label below.
- statement
Web
Acl Rule Statement Args - Rule statement. See Statement below.
- timeouts
Web
Acl Rule Timeouts Args - visibility_
config WebAcl Rule Visibility Config Args - CloudWatch metrics configuration. See Visibility Config below.
- web_
acl_ strarn ARN of the Web ACL to add the rule to.
The following arguments are optional:
- action Property Map
- Action to take when the rule matches. See Action below. Conflicts with
overrideAction. - captcha
Config Property Map - CAPTCHA configuration that overrides the web ACL level setting. See Captcha Config below.
- challenge
Config Property Map - Challenge configuration that overrides the web ACL level setting. See Challenge Config below.
- name String
- Name of the rule. Must be unique within the Web ACL.
- override
Action Property Map - Override action for managed rule groups. See Override Action below. Conflicts with
action. - priority Number
- Rule priority. Rules with lower priority are evaluated first.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Labels List<Property Map> - Labels to apply to matching web requests. See Rule Label below.
- statement Property Map
- Rule statement. See Statement below.
- timeouts Property Map
- visibility
Config Property Map - CloudWatch metrics configuration. See Visibility Config below.
- web
Acl StringArn ARN of the Web ACL to add the rule to.
The following arguments are optional:
Supporting Types
Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.
WebAclRuleAction, WebAclRuleActionArgs
- Allow
Web
Acl Rule Action Allow - Allow the request. See Allow below.
- Block
Web
Acl Rule Action Block - Block the request. See Block below.
- Captcha
Web
Acl Rule Action Captcha - Present a CAPTCHA challenge. See Captcha below.
- Challenge
Web
Acl Rule Action Challenge - Present a silent challenge. See Challenge below.
- Count
Web
Acl Rule Action Count - Count the request without blocking. See Count below.
- Allow
Web
Acl Rule Action Allow - Allow the request. See Allow below.
- Block
Web
Acl Rule Action Block - Block the request. See Block below.
- Captcha
Web
Acl Rule Action Captcha - Present a CAPTCHA challenge. See Captcha below.
- Challenge
Web
Acl Rule Action Challenge - Present a silent challenge. See Challenge below.
- Count
Web
Acl Rule Action Count - Count the request without blocking. See Count below.
- allow
Web
Acl Rule Action Allow - Allow the request. See Allow below.
- block
Web
Acl Rule Action Block - Block the request. See Block below.
- captcha
Web
Acl Rule Action Captcha - Present a CAPTCHA challenge. See Captcha below.
- challenge
Web
Acl Rule Action Challenge - Present a silent challenge. See Challenge below.
- count
Web
Acl Rule Action Count - Count the request without blocking. See Count below.
- allow
Web
Acl Rule Action Allow - Allow the request. See Allow below.
- block
Web
Acl Rule Action Block - Block the request. See Block below.
- captcha
Web
Acl Rule Action Captcha - Present a CAPTCHA challenge. See Captcha below.
- challenge
Web
Acl Rule Action Challenge - Present a silent challenge. See Challenge below.
- count
Web
Acl Rule Action Count - Count the request without blocking. See Count below.
- allow
Web
Acl Rule Action Allow - Allow the request. See Allow below.
- block
Web
Acl Rule Action Block - Block the request. See Block below.
- captcha
Web
Acl Rule Action Captcha - Present a CAPTCHA challenge. See Captcha below.
- challenge
Web
Acl Rule Action Challenge - Present a silent challenge. See Challenge below.
- count
Web
Acl Rule Action Count - Count the request without blocking. See Count below.
- allow Property Map
- Allow the request. See Allow below.
- block Property Map
- Block the request. See Block below.
- captcha Property Map
- Present a CAPTCHA challenge. See Captcha below.
- challenge Property Map
- Present a silent challenge. See Challenge below.
- count Property Map
- Count the request without blocking. See Count below.
WebAclRuleActionAllow, WebAclRuleActionAllowArgs
- Custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Action Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Allow Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Action Allow Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Action Allow Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Action Allow Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Action Allow Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs
WebAclRuleActionBlock, WebAclRuleActionBlockArgs
- Custom
Response WebAcl Rule Action Block Custom Response - Custom response configuration. See Custom Response below.
- Custom
Response WebAcl Rule Action Block Custom Response - Custom response configuration. See Custom Response below.
- custom
Response WebAcl Rule Action Block Custom Response - Custom response configuration. See Custom Response below.
- custom
Response WebAcl Rule Action Block Custom Response - Custom response configuration. See Custom Response below.
- custom_
response WebAcl Rule Action Block Custom Response - Custom response configuration. See Custom Response below.
- custom
Response Property Map - Custom response configuration. See Custom Response below.
WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs
- Response
Code int - HTTP status code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body defined in the Web ACL.
- Response
Headers List<WebAcl Rule Action Block Custom Response Response Header> - Custom headers to include in the response. See Response Header below.
- Response
Code int - HTTP status code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body defined in the Web ACL.
- Response
Headers []WebAcl Rule Action Block Custom Response Response Header - Custom headers to include in the response. See Response Header below.
- response
Code Integer - HTTP status code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body defined in the Web ACL.
- response
Headers List<WebAcl Rule Action Block Custom Response Response Header> - Custom headers to include in the response. See Response Header below.
- response
Code number - HTTP status code to return (200-599).
- custom
Response stringBody Key - Key of a custom response body defined in the Web ACL.
- response
Headers WebAcl Rule Action Block Custom Response Response Header[] - Custom headers to include in the response. See Response Header below.
- response_
code int - HTTP status code to return (200-599).
- custom_
response_ strbody_ key - Key of a custom response body defined in the Web ACL.
- response_
headers Sequence[WebAcl Rule Action Block Custom Response Response Header] - Custom headers to include in the response. See Response Header below.
- response
Code Number - HTTP status code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body defined in the Web ACL.
- response
Headers List<Property Map> - Custom headers to include in the response. See Response Header below.
WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs
WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs
- Custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Action Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Captcha Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Action Captcha Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Action Captcha Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Action Captcha Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Action Captcha Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs
WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs
- Custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Action Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Challenge Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Action Challenge Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Action Challenge Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Action Challenge Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Action Challenge Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs
WebAclRuleActionCount, WebAclRuleActionCountArgs
- Custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Action Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Action Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Action Count Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Action Count Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Action Count Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Action Count Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Action Count Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs
WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs
- Immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- Immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity_
time_ Webproperty Acl Rule Captcha Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity
Time Property MapProperty - Immunity time configuration. See Immunity Time Property below.
WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs
- Immunity
Time int - Immunity time in seconds (60-259200).
- Immunity
Time int - Immunity time in seconds (60-259200).
- immunity
Time Integer - Immunity time in seconds (60-259200).
- immunity
Time number - Immunity time in seconds (60-259200).
- immunity_
time int - Immunity time in seconds (60-259200).
- immunity
Time Number - Immunity time in seconds (60-259200).
WebAclRuleChallengeConfig, WebAclRuleChallengeConfigArgs
- Immunity
Time WebProperty Acl Rule Challenge Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- Immunity
Time WebProperty Acl Rule Challenge Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity
Time WebProperty Acl Rule Challenge Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity
Time WebProperty Acl Rule Challenge Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity_
time_ Webproperty Acl Rule Challenge Config Immunity Time Property - Immunity time configuration. See Immunity Time Property below.
- immunity
Time Property MapProperty - Immunity time configuration. See Immunity Time Property below.
WebAclRuleChallengeConfigImmunityTimeProperty, WebAclRuleChallengeConfigImmunityTimePropertyArgs
- Immunity
Time int - Immunity time in seconds (60-259200).
- Immunity
Time int - Immunity time in seconds (60-259200).
- immunity
Time Integer - Immunity time in seconds (60-259200).
- immunity
Time number - Immunity time in seconds (60-259200).
- immunity_
time int - Immunity time in seconds (60-259200).
- immunity
Time Number - Immunity time in seconds (60-259200).
WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs
- Count
Web
Acl Rule Override Action Count - Override the rule action with count.
- None
Web
Acl Rule Override Action None - Don't override the rule action.
- Count
Web
Acl Rule Override Action Count - Override the rule action with count.
- None
Web
Acl Rule Override Action None - Don't override the rule action.
- count
Web
Acl Rule Override Action Count - Override the rule action with count.
- none
Web
Acl Rule Override Action None - Don't override the rule action.
- count
Web
Acl Rule Override Action Count - Override the rule action with count.
- none
Web
Acl Rule Override Action None - Don't override the rule action.
- count
Web
Acl Rule Override Action Count - Override the rule action with count.
- none
Web
Acl Rule Override Action None - Don't override the rule action.
- count Property Map
- Override the rule action with count.
- none Property Map
- Don't override the rule action.
WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs
- Name string
- Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).
- Name string
- Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).
- name String
- Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).
- name string
- Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).
- name str
- Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).
- name String
- Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).
WebAclRuleStatement, WebAclRuleStatementArgs
- And
Statement WebAcl Rule Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- Asn
Match WebStatement Acl Rule Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- Byte
Match WebStatement Acl Rule Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- Geo
Match WebStatement Acl Rule Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- Ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- Label
Match WebStatement Acl Rule Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- Managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- Not
Statement WebAcl Rule Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- Or
Statement WebAcl Rule Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- Rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- Regex
Match WebStatement Acl Rule Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- Regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- Rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- Size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- Sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- Xss
Match WebStatement Acl Rule Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- And
Statement WebAcl Rule Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- Asn
Match WebStatement Acl Rule Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- Byte
Match WebStatement Acl Rule Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- Geo
Match WebStatement Acl Rule Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- Ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- Label
Match WebStatement Acl Rule Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- Managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- Not
Statement WebAcl Rule Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- Or
Statement WebAcl Rule Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- Rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- Regex
Match WebStatement Acl Rule Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- Regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- Rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- Size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- Sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- Xss
Match WebStatement Acl Rule Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and
Statement WebAcl Rule Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- asn
Match WebStatement Acl Rule Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte
Match WebStatement Acl Rule Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- geo
Match WebStatement Acl Rule Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label
Match WebStatement Acl Rule Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not
Statement WebAcl Rule Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- or
Statement WebAcl Rule Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex
Match WebStatement Acl Rule Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss
Match WebStatement Acl Rule Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and
Statement WebAcl Rule Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- asn
Match WebStatement Acl Rule Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte
Match WebStatement Acl Rule Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- geo
Match WebStatement Acl Rule Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label
Match WebStatement Acl Rule Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not
Statement WebAcl Rule Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- or
Statement WebAcl Rule Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- rate
Based WebStatement Acl Rule Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex
Match WebStatement Acl Rule Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size
Constraint WebStatement Acl Rule Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli
Match WebStatement Acl Rule Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss
Match WebStatement Acl Rule Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and_
statement WebAcl Rule Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- asn_
match_ Webstatement Acl Rule Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte_
match_ Webstatement Acl Rule Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- geo_
match_ Webstatement Acl Rule Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- ip_
set_ Webreference_ statement Acl Rule Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label_
match_ Webstatement Acl Rule Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- managed_
rule_ Webgroup_ statement Acl Rule Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not_
statement WebAcl Rule Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- or_
statement WebAcl Rule Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- rate_
based_ Webstatement Acl Rule Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex_
match_ Webstatement Acl Rule Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule_
group_ Webreference_ statement Acl Rule Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size_
constraint_ Webstatement Acl Rule Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli_
match_ Webstatement Acl Rule Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss_
match_ Webstatement Acl Rule Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and
Statement Property Map - Logical AND statement that combines multiple statements. See And Statement below.
- asn
Match Property MapStatement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte
Match Property MapStatement - Match requests based on byte patterns. See Byte Match Statement below.
- geo
Match Property MapStatement - Match requests by geographic location. See Geo Match Statement below.
- ip
Set Property MapReference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label
Match Property MapStatement - Match requests based on labels. See Label Match Statement below.
- managed
Rule Property MapGroup Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not
Statement Property Map - Logical NOT statement that negates a single statement. See Not Statement below.
- or
Statement Property Map - Logical OR statement that combines multiple statements. See Or Statement below.
- rate
Based Property MapStatement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex
Match Property MapStatement - Match requests using regex patterns. See Regex Match Statement below.
- regex
Pattern Property MapSet Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule
Group Property MapReference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size
Constraint Property MapStatement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli
Match Property MapStatement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss
Match Property MapStatement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs
- Statements
List<Web
Acl Rule Statement> - The statements to combine.
- Statements
[]Web
Acl Rule Statement - The statements to combine.
- statements
List<Web
Acl Rule Statement> - The statements to combine.
- statements
Web
Acl Rule Statement[] - The statements to combine.
- statements
Sequence[Web
Acl Rule Statement] - The statements to combine.
- statements List<Property Map>
- The statements to combine.
WebAclRuleStatementAsnMatchStatement, WebAclRuleStatementAsnMatchStatementArgs
- Asn
Lists List<int> - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- Forwarded
Ip WebConfig Acl Rule Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- Asn
Lists []int - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- Forwarded
Ip WebConfig Acl Rule Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn
Lists List<Integer> - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded
Ip WebConfig Acl Rule Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn
Lists number[] - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded
Ip WebConfig Acl Rule Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn_
lists Sequence[int] - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded_
ip_ Webconfig Acl Rule Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn
Lists List<Number> - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded
Ip Property MapConfig - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
WebAclRuleStatementAsnMatchStatementForwardedIpConfig, WebAclRuleStatementAsnMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
- fallback
Behavior string - header
Name string - Name of the header containing the forwarded IP address.
- fallback_
behavior str - header_
name str - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs
- Positional
Constraint string - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - Search
String string - String value to search for within the request (1-200 characters).
- Field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations List<WebAcl Rule Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- Positional
Constraint string - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - Search
String string - String value to search for within the request (1-200 characters).
- Field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations []WebAcl Rule Statement Byte Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional
Constraint String - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search
String String - String value to search for within the request (1-200 characters).
- field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<WebAcl Rule Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional
Constraint string - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search
String string - String value to search for within the request (1-200 characters).
- field
To WebMatch Acl Rule Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations WebAcl Rule Statement Byte Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional_
constraint str - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search_
string str - String value to search for within the request (1-200 characters).
- field_
to_ Webmatch Acl Rule Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text_
transformations Sequence[WebAcl Rule Statement Byte Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional
Constraint String - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search
String String - String value to search for within the request (1-200 characters).
- field
To Property MapMatch - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Byte Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Byte Match Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Byte Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Byte Match Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Byte Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Byte Match Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Byte Match Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment, WebAclRuleStatementByteMatchStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs
- Country
Codes List<string> - List of two-character country codes (ISO 3166-1 alpha-2).
- Forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- Country
Codes []string - List of two-character country codes (ISO 3166-1 alpha-2).
- Forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country
Codes List<String> - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country
Codes string[] - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded
Ip WebConfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country_
codes Sequence[str] - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded_
ip_ Webconfig Acl Rule Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country
Codes List<String> - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded
Ip Property MapConfig - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
- fallback
Behavior string - header
Name string - Name of the header containing the forwarded IP address.
- fallback_
behavior str - header_
name str - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs
- Arn string
- ARN of the IP set to reference.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- Arn string
- ARN of the IP set to reference.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn String
- ARN of the IP set to reference.
- ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn string
- ARN of the IP set to reference.
- ip
Set WebForwarded Ip Config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn str
- ARN of the IP set to reference.
- ip_
set_ Webforwarded_ ip_ config Acl Rule Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn String
- ARN of the IP set to reference.
- ip
Set Property MapForwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs
- Fallback
Behavior string - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - Header
Name string - Name of the header containing the forwarded IP address.
- Position string
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- Fallback
Behavior string - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - Header
Name string - Name of the header containing the forwarded IP address.
- Position string
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback
Behavior String - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header
Name String - Name of the header containing the forwarded IP address.
- position String
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback
Behavior string - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header
Name string - Name of the header containing the forwarded IP address.
- position string
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback_
behavior str - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header_
name str - Name of the header containing the forwarded IP address.
- position str
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback
Behavior String - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header
Name String - Name of the header containing the forwarded IP address.
- position String
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
WebAclRuleStatementLabelMatchStatement, WebAclRuleStatementLabelMatchStatementArgs
- Key string
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - Scope string
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- Key string
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - Scope string
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key String
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope String
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key string
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope string
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key str
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope str
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key String
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope String
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
WebAclRuleStatementManagedRuleGroupStatement, WebAclRuleStatementManagedRuleGroupStatementArgs
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor (e.g., "AWS").
- Managed
Rule List<WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config> - Rule
Action List<WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override> - Override actions for specific rules within the managed rule group. See Rule Action Override below.
- Scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
- Version string
- Version of the managed rule group.
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor (e.g., "AWS").
- Managed
Rule []WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config - Rule
Action []WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override - Override actions for specific rules within the managed rule group. See Rule Action Override below.
- Scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
- Version string
- Version of the managed rule group.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor (e.g., "AWS").
- managed
Rule List<WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config> - rule
Action List<WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override> - Override actions for specific rules within the managed rule group. See Rule Action Override below.
- scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
- version String
- Version of the managed rule group.
- name string
- Name of the managed rule group.
- vendor
Name string - Name of the managed rule group vendor (e.g., "AWS").
- managed
Rule WebGroup Configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config[] - rule
Action WebOverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override[] - Override actions for specific rules within the managed rule group. See Rule Action Override below.
- scope
Down WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
- version string
- Version of the managed rule group.
- name str
- Name of the managed rule group.
- vendor_
name str - Name of the managed rule group vendor (e.g., "AWS").
- managed_
rule_ Sequence[Webgroup_ configs Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config] - rule_
action_ Sequence[Weboverrides Acl Rule Statement Managed Rule Group Statement Rule Action Override] - Override actions for specific rules within the managed rule group. See Rule Action Override below.
- scope_
down_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement - Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
- version str
- Version of the managed rule group.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor (e.g., "AWS").
- managed
Rule List<Property Map>Group Configs - rule
Action List<Property Map>Overrides - Override actions for specific rules within the managed rule group. See Rule Action Override below.
- scope
Down Property MapStatement - Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
- version String
- Version of the managed rule group.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs
- Aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Aws
Managed WebRules Anti Ddos Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set - Aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Login
Path string - Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Payload
Type string - Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field
- Aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - Aws
Managed WebRules Anti Ddos Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set - Aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - Aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - Login
Path string - Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - Payload
Type string - Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field
- aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - aws
Managed WebRules Anti Ddos Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set - aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - login
Path String - password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - payload
Type String - username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field
- aws
Managed WebRules Acfp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - aws
Managed WebRules Anti Ddos Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set - aws
Managed WebRules Atp Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - aws
Managed WebRules Bot Control Rule Set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - login
Path string - password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - payload
Type string - username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field
- aws_
managed_ Webrules_ acfp_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set - aws_
managed_ Webrules_ anti_ ddos_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set - aws_
managed_ Webrules_ atp_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set - aws_
managed_ Webrules_ bot_ control_ rule_ set Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Bot Control Rule Set - login_
path str - password_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Password Field - payload_
type str - username_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Username Field
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs
- Creation
Path string - Registration
Page stringPath - Enable
Regex boolIn Path - Request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - Response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection
- Creation
Path string - Registration
Page stringPath - Enable
Regex boolIn Path - Request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - Response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection
- creation
Path String - registration
Page StringPath - enable
Regex BooleanIn Path - request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection
- creation
Path string - registration
Page stringPath - enable
Regex booleanIn Path - request
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - response
Inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection
- creation_
path str - registration_
page_ strpath - enable_
regex_ boolin_ path - request_
inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection - response_
inspection WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs
- Payload
Type string - Address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field
- Payload
Type string - Address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field
- payload
Type String - address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field
- payload
Type string - address
Fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - email
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - password
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - phone
Number WebFields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - username
Field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field
- payload_
type str - address_
fields WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - email_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Email Field - password_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Password Field - phone_
number_ Webfields Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - username_
field WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Request Inspection Username Field
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs
- Identifiers List<string>
- Identifiers []string
- identifiers List<String>
- identifiers string[]
- identifiers Sequence[str]
- identifiers List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs
- Identifiers List<string>
- Identifiers []string
- identifiers List<String>
- identifiers string[]
- identifiers Sequence[str]
- identifiers List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionArgs
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code
- body_
contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Json - status_
code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Acfp Rule Set Response Inspection Status Code
- body
Contains Property Map - header Property Map
- Use a header as an aggregate key. See Custom Key Header below.
- json Property Map
- status
Code Property Map
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs
- Failure
Strings List<string> - Success
Strings List<string>
- Failure
Strings []string - Success
Strings []string
- failure
Strings List<String> - success
Strings List<String>
- failure
Strings string[] - success
Strings string[]
- failure_
strings Sequence[str] - success_
strings Sequence[str]
- failure
Strings List<String> - success
Strings List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs
- Failure
Values List<string> - Name string
- Name of the rule. Must be unique within the Web ACL.
- Success
Values List<string>
- Failure
Values []string - Name string
- Name of the rule. Must be unique within the Web ACL.
- Success
Values []string
- failure
Values List<String> - name String
- Name of the rule. Must be unique within the Web ACL.
- success
Values List<String>
- failure
Values string[] - name string
- Name of the rule. Must be unique within the Web ACL.
- success
Values string[]
- failure_
values Sequence[str] - name str
- Name of the rule. Must be unique within the Web ACL.
- success_
values Sequence[str]
- failure
Values List<String> - name String
- Name of the rule. Must be unique within the Web ACL.
- success
Values List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs
- Failure
Values List<string> - Identifier string
- Success
Values List<string>
- Failure
Values []string - Identifier string
- Success
Values []string
- failure
Values List<String> - identifier String
- success
Values List<String>
- failure
Values string[] - identifier string
- success
Values string[]
- failure_
values Sequence[str] - identifier str
- success_
values Sequence[str]
- failure
Values List<String> - identifier String
- success
Values List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs
- Failure
Codes List<int> - Success
Codes List<int>
- Failure
Codes []int - Success
Codes []int
- failure
Codes List<Integer> - success
Codes List<Integer>
- failure
Codes number[] - success
Codes number[]
- failure_
codes Sequence[int] - success_
codes Sequence[int]
- failure
Codes List<Number> - success
Codes List<Number>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetArgs
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs
- Challenge
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Present a silent challenge. See Challenge below.
- Challenge
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Present a silent challenge. See Challenge below.
- challenge
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Present a silent challenge. See Challenge below.
- challenge
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Present a silent challenge. See Challenge below.
- challenge
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Present a silent challenge. See Challenge below.
- challenge Property Map
- Present a silent challenge. See Challenge below.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs
- Regex
String string - Regular expression pattern to match against the web request component.
- Regex
String string - Regular expression pattern to match against the web request component.
- regex
String String - Regular expression pattern to match against the web request component.
- regex
String string - Regular expression pattern to match against the web request component.
- regex_
string str - Regular expression pattern to match against the web request component.
- regex
String String - Regular expression pattern to match against the web request component.
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code
- Body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- Json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - Status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code
- body
Contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - status
Code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code
- body_
contains WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Body Contains - header
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Header - Use a header as an aggregate key. See Custom Key Header below.
- json
Web
Acl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Json - status_
code WebAcl Rule Statement Managed Rule Group Statement Managed Rule Group Config Aws Managed Rules Atp Rule Set Response Inspection Status Code
- body
Contains Property Map - header Property Map
- Use a header as an aggregate key. See Custom Key Header below.
- json Property Map
- status
Code Property Map
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs
- Failure
Strings List<string> - Success
Strings List<string>
- Failure
Strings []string - Success
Strings []string
- failure
Strings List<String> - success
Strings List<String>
- failure
Strings string[] - success
Strings string[]
- failure_
strings Sequence[str] - success_
strings Sequence[str]
- failure
Strings List<String> - success
Strings List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs
- Failure
Values List<string> - Name string
- Name of the rule. Must be unique within the Web ACL.
- Success
Values List<string>
- Failure
Values []string - Name string
- Name of the rule. Must be unique within the Web ACL.
- Success
Values []string
- failure
Values List<String> - name String
- Name of the rule. Must be unique within the Web ACL.
- success
Values List<String>
- failure
Values string[] - name string
- Name of the rule. Must be unique within the Web ACL.
- success
Values string[]
- failure_
values Sequence[str] - name str
- Name of the rule. Must be unique within the Web ACL.
- success_
values Sequence[str]
- failure
Values List<String> - name String
- Name of the rule. Must be unique within the Web ACL.
- success
Values List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs
- Failure
Values List<string> - Identifier string
- Success
Values List<string>
- Failure
Values []string - Identifier string
- Success
Values []string
- failure
Values List<String> - identifier String
- success
Values List<String>
- failure
Values string[] - identifier string
- success
Values string[]
- failure_
values Sequence[str] - identifier str
- success_
values Sequence[str]
- failure
Values List<String> - identifier String
- success
Values List<String>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs
- Failure
Codes List<int> - Success
Codes List<int>
- Failure
Codes []int - Success
Codes []int
- failure
Codes List<Integer> - success
Codes List<Integer>
- failure
Codes number[] - success
Codes number[]
- failure_
codes Sequence[int] - success_
codes Sequence[int]
- failure
Codes List<Number> - success
Codes List<Number>
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetArgs
- Inspection
Level string - Enable
Machine boolLearning
- Inspection
Level string - Enable
Machine boolLearning
- inspection
Level String - enable
Machine BooleanLearning
- inspection
Level string - enable
Machine booleanLearning
- inspection
Level String - enable
Machine BooleanLearning
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldArgs
- Identifier string
- Identifier string
- identifier String
- identifier string
- identifier str
- identifier String
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs
- Name string
- Name of the rule to override.
- Action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use for the rule. See Action below.
- Name string
- Name of the rule to override.
- Action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use for the rule. See Action below.
- name String
- Name of the rule to override.
- action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use for the rule. See Action below.
- name string
- Name of the rule to override.
- action
To WebUse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use for the rule. See Action below.
- name str
- Name of the rule to override.
- action_
to_ Webuse Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use - Override action to use for the rule. See Action below.
- name String
- Name of the rule to override.
- action
To Property MapUse - Override action to use for the rule. See Action below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs
- Allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Allow the request. See Allow below.
- Block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Block the request. See Block below.
- Captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Present a CAPTCHA challenge. See Captcha below.
- Challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Present a silent challenge. See Challenge below.
- Count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- Allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Allow the request. See Allow below.
- Block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Block the request. See Block below.
- Captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Present a CAPTCHA challenge. See Captcha below.
- Challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Present a silent challenge. See Challenge below.
- Count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Allow the request. See Allow below.
- block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Block the request. See Block below.
- captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Present a CAPTCHA challenge. See Captcha below.
- challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Present a silent challenge. See Challenge below.
- count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Allow the request. See Allow below.
- block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Block the request. See Block below.
- captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Present a CAPTCHA challenge. See Captcha below.
- challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Present a silent challenge. See Challenge below.
- count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow - Allow the request. See Allow below.
- block
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block - Block the request. See Block below.
- captcha
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha - Present a CAPTCHA challenge. See Captcha below.
- challenge
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge - Present a silent challenge. See Challenge below.
- count
Web
Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count
- allow Property Map
- Allow the request. See Allow below.
- block Property Map
- Block the request. See Block below.
- captcha Property Map
- Present a CAPTCHA challenge. See Captcha below.
- challenge Property Map
- Present a silent challenge. See Challenge below.
- count Property Map
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Allow Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockArgs
- Custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Custom response configuration. See Custom Response below.
- Custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Custom response configuration. See Custom Response below.
- custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Custom response configuration. See Custom Response below.
- custom
Response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Custom response configuration. See Custom Response below.
- custom_
response WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response - Custom response configuration. See Custom Response below.
- custom
Response Property Map - Custom response configuration. See Custom Response below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseArgs
- Response
Code int - HTTP status code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body defined in the Web ACL.
- Response
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header> - Custom headers to include in the response. See Response Header below.
- Response
Code int - HTTP status code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body defined in the Web ACL.
- Response
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header - Custom headers to include in the response. See Response Header below.
- response
Code Integer - HTTP status code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body defined in the Web ACL.
- response
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header> - Custom headers to include in the response. See Response Header below.
- response
Code number - HTTP status code to return (200-599).
- custom
Response stringBody Key - Key of a custom response body defined in the Web ACL.
- response
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header[] - Custom headers to include in the response. See Response Header below.
- response_
code int - HTTP status code to return (200-599).
- custom_
response_ strbody_ key - Key of a custom response body defined in the Web ACL.
- response_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Block Custom Response Response Header] - Custom headers to include in the response. See Response Header below.
- response
Code Number - HTTP status code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body defined in the Web ACL.
- response
Headers List<Property Map> - Custom headers to include in the response. See Response Header below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Captcha Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Challenge Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- Custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request WebHandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom_
request_ Webhandling Acl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling - Custom request handling configuration. See Custom Request Handling below.
- custom
Request Property MapHandling - Custom request handling configuration. See Custom Request Handling below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- Insert
Headers []WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Custom headers to insert into the request. See Insert Header below.
- insert
Headers WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header[] - Custom headers to insert into the request. See Insert Header below.
- insert_
headers Sequence[WebAcl Rule Statement Managed Rule Group Statement Rule Action Override Action To Use Count Custom Request Handling Insert Header] - Custom headers to insert into the request. See Insert Header below.
- insert
Headers List<Property Map> - Custom headers to insert into the request. See Insert Header below.
WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs
- Asn
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
- Byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement above.
- Geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement above.
- Ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement above.
- Label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Match requests based on labels. See Label Match Statement above.
- Regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement above.
- Regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
- Size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement above.
- Sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks.
- Xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Match requests that appear to contain cross-site scripting attacks.
- Asn
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
- Byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement above.
- Geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement above.
- Ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement above.
- Label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Match requests based on labels. See Label Match Statement above.
- Regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement above.
- Regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
- Size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement above.
- Sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks.
- Xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Match requests that appear to contain cross-site scripting attacks.
- asn
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
- byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement above.
- geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement above.
- ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement above.
- label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Match requests based on labels. See Label Match Statement above.
- regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement above.
- regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
- size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement above.
- sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks.
- xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Match requests that appear to contain cross-site scripting attacks.
- asn
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
- byte
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement above.
- geo
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement above.
- ip
Set WebReference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement above.
- label
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Match requests based on labels. See Label Match Statement above.
- regex
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement above.
- regex
Pattern WebSet Reference Statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
- size
Constraint WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement above.
- sqli
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks.
- xss
Match WebStatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Match requests that appear to contain cross-site scripting attacks.
- asn_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
- byte_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement above.
- geo_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement above.
- ip_
set_ Webreference_ statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement above.
- label_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Label Match Statement - Match requests based on labels. See Label Match Statement above.
- regex_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement above.
- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement - Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
- size_
constraint_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement above.
- sqli_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks.
- xss_
match_ Webstatement Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement - Match requests that appear to contain cross-site scripting attacks.
- asn
Match Property MapStatement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
- byte
Match Property MapStatement - Match requests based on byte patterns. See Byte Match Statement above.
- geo
Match Property MapStatement - Match requests by geographic location. See Geo Match Statement above.
- ip
Set Property MapReference Statement - Reference to an IP set. See IP Set Reference Statement above.
- label
Match Property MapStatement - Match requests based on labels. See Label Match Statement above.
- regex
Match Property MapStatement - Match requests using regex patterns. See Regex Match Statement above.
- regex
Pattern Property MapSet Reference Statement - Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
- size
Constraint Property MapStatement - Match requests based on size constraints. See Size Constraint Statement above.
- sqli
Match Property MapStatement - Match requests that appear to contain SQL injection attacks.
- xss
Match Property MapStatement - Match requests that appear to contain cross-site scripting attacks.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementArgs
- Asn
Lists List<int> - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- Forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- Asn
Lists []int - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- Forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn
Lists List<Integer> - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn
Lists number[] - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn_
lists Sequence[int] - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded_
ip_ Webconfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Asn Match Statement Forwarded Ip Config - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
- asn
Lists List<Number> - List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
- forwarded
Ip Property MapConfig - Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
- fallback
Behavior string - header
Name string - Name of the header containing the forwarded IP address.
- fallback_
behavior str - header_
name str - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs
- Positional
Constraint string - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - Search
String string - String value to search for within the request (1-200 characters).
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- Positional
Constraint string - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - Search
String string - String value to search for within the request (1-200 characters).
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional
Constraint String - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search
String String - String value to search for within the request (1-200 characters).
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional
Constraint string - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search
String string - String value to search for within the request (1-200 characters).
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional_
constraint str - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search_
string str - String value to search for within the request (1-200 characters).
- field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- positional
Constraint String - Area within the portion of the web request that you want WAF to search for
searchString. Valid values:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. - search
String String - String value to search for within the request (1-200 characters).
- field
To Property MapMatch - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Byte Match Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs
- Country
Codes List<string> - List of two-character country codes (ISO 3166-1 alpha-2).
- Forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- Country
Codes []string - List of two-character country codes (ISO 3166-1 alpha-2).
- Forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country
Codes List<String> - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country
Codes string[] - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded
Ip WebConfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country_
codes Sequence[str] - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded_
ip_ Webconfig Acl Rule Statement Managed Rule Group Statement Scope Down Statement Geo Match Statement Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
- country
Codes List<String> - List of two-character country codes (ISO 3166-1 alpha-2).
- forwarded
Ip Property MapConfig - Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- Fallback
Behavior string - Header
Name string - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
- fallback
Behavior string - header
Name string - Name of the header containing the forwarded IP address.
- fallback_
behavior str - header_
name str - Name of the header containing the forwarded IP address.
- fallback
Behavior String - header
Name String - Name of the header containing the forwarded IP address.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementArgs
- Arn string
- ARN of the IP set to reference.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- Arn string
- ARN of the IP set to reference.
- Ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn String
- ARN of the IP set to reference.
- ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn string
- ARN of the IP set to reference.
- ip
Set WebForwarded Ip Config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn str
- ARN of the IP set to reference.
- ip_
set_ Webforwarded_ ip_ config Acl Rule Statement Managed Rule Group Statement Scope Down Statement Ip Set Reference Statement Ip Set Forwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
- arn String
- ARN of the IP set to reference.
- ip
Set Property MapForwarded Ip Config - Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs
- Fallback
Behavior string - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - Header
Name string - Name of the header containing the forwarded IP address.
- Position string
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- Fallback
Behavior string - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - Header
Name string - Name of the header containing the forwarded IP address.
- Position string
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback
Behavior String - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header
Name String - Name of the header containing the forwarded IP address.
- position String
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback
Behavior string - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header
Name string - Name of the header containing the forwarded IP address.
- position string
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback_
behavior str - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header_
name str - Name of the header containing the forwarded IP address.
- position str
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
- fallback
Behavior String - Action to take when the IP address in the header is invalid. Valid values:
MATCH,NO_MATCH. - header
Name String - Name of the header containing the forwarded IP address.
- position String
- Position in the header to use. Valid values:
FIRST,LAST,ANY.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatementArgs
- Key string
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - Scope string
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- Key string
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - Scope string
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key String
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope String
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key string
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope string
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key str
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope str
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
- key String
- String to match against. For
LABELscope, include the name and any preceding namespace specifications. ForNAMESPACEscope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g.,NS1:NS2:name). - scope String
- Whether to match using the label name or namespace. Valid values:
LABEL,NAMESPACE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementArgs
- Regex
String string - Regular expression pattern to match against the web request component.
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- Regex
String string - Regular expression pattern to match against the web request component.
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- regex
String String - Regular expression pattern to match against the web request component.
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- regex
String string - Regular expression pattern to match against the web request component.
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- regex_
string str - Regular expression pattern to match against the web request component.
- field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- regex
String String - Regular expression pattern to match against the web request component.
- field
To Property MapMatch - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Match Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementArgs
- Arn string
- ARN of the regex pattern set to reference.
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- Arn string
- ARN of the regex pattern set to reference.
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- arn String
- ARN of the regex pattern set to reference.
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- arn string
- ARN of the regex pattern set to reference.
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- arn str
- ARN of the regex pattern set to reference.
- field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- arn String
- ARN of the regex pattern set to reference.
- field
To Property MapMatch - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Regex Pattern Set Reference Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementArgs
- Comparison
Operator string - Operator to use to compare the request part to the size setting. Valid values:
EQ,NE,LE,LT,GE,GT. - Size int
- Size, in bytes, to compare to the request part, after any transformations.
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- Comparison
Operator string - Operator to use to compare the request part to the size setting. Valid values:
EQ,NE,LE,LT,GE,GT. - Size int
- Size, in bytes, to compare to the request part, after any transformations.
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- comparison
Operator String - Operator to use to compare the request part to the size setting. Valid values:
EQ,NE,LE,LT,GE,GT. - size Integer
- Size, in bytes, to compare to the request part, after any transformations.
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- comparison
Operator string - Operator to use to compare the request part to the size setting. Valid values:
EQ,NE,LE,LT,GE,GT. - size number
- Size, in bytes, to compare to the request part, after any transformations.
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation[] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- comparison_
operator str - Operator to use to compare the request part to the size setting. Valid values:
EQ,NE,LE,LT,GE,GT. - size int
- Size, in bytes, to compare to the request part, after any transformations.
- field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match - Part of the web request that you want WAF to inspect. See Field to Match below.
- text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Text Transformation] - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
- comparison
Operator String - Operator to use to compare the request part to the size setting. Valid values:
EQ,NE,LE,LT,GE,GT. - size Number
- Size, in bytes, to compare to the request part, after any transformations.
- field
To Property MapMatch - Part of the web request that you want WAF to inspect. See Field to Match below.
- text
Transformations List<Property Map> - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Size Constraint Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementArgs
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Sensitivity
Level string - Sensitivity level for detecting SQL injection attacks. Valid values:
HIGH,LOW. - Text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation>
- Field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - Sensitivity
Level string - Sensitivity level for detecting SQL injection attacks. Valid values:
HIGH,LOW. - Text
Transformations []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - sensitivity
Level String - Sensitivity level for detecting SQL injection attacks. Valid values:
HIGH,LOW. - text
Transformations List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation>
- field
To WebMatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - sensitivity
Level string - Sensitivity level for detecting SQL injection attacks. Valid values:
HIGH,LOW. - text
Transformations WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation[]
- field_
to_ Webmatch Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match - sensitivity_
level str - Sensitivity level for detecting SQL injection attacks. Valid values:
HIGH,LOW. - text_
transformations Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Text Transformation]
- field
To Property MapMatch - sensitivity
Level String - Sensitivity level for detecting SQL injection attacks. Valid values:
HIGH,LOW. - text
Transformations List<Property Map>
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Sqli Match Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementArgs
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchArgs
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path.
- All
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- Body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- Header
Orders []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- Headers
[]Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header - Inspect the request headers. See Headers below.
- Ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- Ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- Json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- Method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method.
- Query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string.
- Single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- Single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- Uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- Uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
List<Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header> - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query WebArguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header
Orders WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order[] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header[] - Inspect the request headers. See Headers below.
- ja3Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method.
- query
String WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string.
- single
Header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single
Query WebArgument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path.
- all_
query_ Webarguments Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match All Query Arguments - Inspect all query arguments.
- body
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Body - Inspect the request body as plain text. See Body below.
-
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies - Inspect the request cookies. See Cookies below.
- header_
orders Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Order] - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers
Sequence[Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header] - Inspect the request headers. See Headers below.
- ja3_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja3Fingerprint - Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4_
fingerprint WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Ja4Fingerprint - Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json_
body WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body - Inspect the request body as JSON. See JSON Body below.
- method
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Method - Inspect the HTTP method.
- query_
string WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Query String - Inspect the query string.
- single_
header WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Header - Inspect a single header. See Single Header below.
- single_
query_ Webargument Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Single Query Argument - Inspect a single query argument. See Single Query Argument below.
- uri_
fragment WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Fragment - Inspect fragments of the request URI. See URI Fragment below.
- uri_
path WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Uri Path - Inspect the request URI path.
- all
Query Property MapArguments - Inspect all query arguments.
- body Property Map
- Inspect the request body as plain text. See Body below.
- Property Map
- Inspect the request cookies. See Cookies below.
- header
Orders List<Property Map> - Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
- headers List<Property Map>
- Inspect the request headers. See Headers below.
- ja3Fingerprint Property Map
- Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
- ja4Fingerprint Property Map
- Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
- json
Body Property Map - Inspect the request body as JSON. See JSON Body below.
- method Property Map
- Inspect the HTTP method.
- query
String Property Map - Inspect the query string.
- single
Header Property Map - Inspect a single header. See Single Header below.
- single
Query Property MapArgument - Inspect a single query argument. See Single Query Argument below.
- uri
Fragment Property Map - Inspect fragments of the request URI. See URI Fragment below.
- uri
Path Property Map - Inspect the request URI path.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- Match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Patterns []WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern> - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope string - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern[] - Cookies to inspect. See Cookies Match Pattern below.
- match_
scope str - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
patterns Sequence[WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern] - Cookies to inspect. See Cookies Match Pattern below.
- match
Scope String - Parts of the cookies to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with cookies larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Patterns List<Property Map> - Cookies to inspect. See Cookies Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - List<string>
- List of cookie names to exclude from inspection.
- List<string>
- List of cookie names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - []string
- List of cookie names to exclude from inspection.
- []string
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - string[]
- List of cookie names to exclude from inspection.
- string[]
- List of cookie names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Cookies Match Pattern All - Sequence[str]
- List of cookie names to exclude from inspection.
- Sequence[str]
- List of cookie names to inspect.
- all Property Map
- List<String>
- List of cookie names to exclude from inspection.
- List<String>
- List of cookie names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- Match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope string - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match_
scope str - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern - Headers to inspect. See Headers Match Pattern below.
- match
Scope String - Parts of the headers to inspect. Valid values:
ALL,KEY,VALUE. - oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. - match
Pattern Property Map - Headers to inspect. See Headers Match Pattern below.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - Excluded
Headers List<string> - List of header names to exclude from inspection.
- Included
Headers List<string> - List of header names to inspect.
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - Excluded
Headers []string - List of header names to exclude from inspection.
- Included
Headers []string - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - excluded
Headers string[] - List of header names to exclude from inspection.
- included
Headers string[] - List of header names to inspect.
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Header Match Pattern All - excluded_
headers Sequence[str] - List of header names to exclude from inspection.
- included_
headers Sequence[str] - List of header names to inspect.
- all Property Map
- excluded
Headers List<String> - List of header names to exclude from inspection.
- included
Headers List<String> - List of header names to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String - How to handle requests with headers larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4FingerprintArgs
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - Action to take if WAF cannot calculate the fingerprint. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyArgs
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- Match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - Invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - Match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- Oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope string - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback stringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling string - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match_
scope str - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid_
fallback_ strbehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match_
pattern WebAcl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern - JSON content to inspect. See JSON Body Match Pattern below.
- oversize_
handling str - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
- match
Scope String - Parts of the JSON to inspect. Valid values:
ALL,KEY,VALUE. - invalid
Fallback StringBehavior - How to handle requests with invalid JSON body. Valid values:
EVALUATE_AS_STRING,MATCH,NO_MATCH. - match
Pattern Property Map - JSON content to inspect. See JSON Body Match Pattern below.
- oversize
Handling String - How to handle requests with a body larger than the inspection limit. Valid values:
CONTINUE,MATCH,NO_MATCH. Defaults toCONTINUE.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternArgs
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - Included
Paths List<string> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- All
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - Included
Paths []string - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - included
Paths string[] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all
Web
Acl Rule Statement Managed Rule Group Statement Scope Down Statement Xss Match Statement Field To Match Json Body Match Pattern All - included_
paths Sequence[str] - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
- all Property Map
- included
Paths List<String> - List of JSON pointer expressions to inspect (e.g.,
/foo/bar).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeaderArgs
- Name string
- Name of the header to inspect (case insensitive).
- Name string
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
- name string
- Name of the header to inspect (case insensitive).
- name str
- Name of the header to inspect (case insensitive).
- name String
- Name of the header to inspect (case insensitive).
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgumentArgs
- Name string
- Name of the query argument to inspect.
- Name string
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
- name string
- Name of the query argument to inspect.
- name str
- Name of the query argument to inspect.
- name String
- Name of the query argument to inspect.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragmentArgs
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- Fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior string - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback_
behavior str - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
- fallback
Behavior String - How to handle requests with a URI fragment that is too large to inspect. Valid values:
MATCH,NO_MATCH.
WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformationArgs
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- Priority int
- Relative processing order for multiple transformations (0-based).
- Type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Integer
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority number
- Relative processing order for multiple transformations (0-based).
- type string
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority int
- Relative processing order for multiple transformations (0-based).
- type str
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
- priority Number
- Relative processing order for multiple transformations (0-based).
- type String
- Transformation to apply. Valid values:
NONE,COMPRESS_WHITE_SPACE,HTML_ENTITY_DECODE,LOWERCASE,CMD_LINE,URL_DECODE,BASE64_DECODE,HEX_DECODE,MD5,REPLACE_COMMENTS,ESCAPE_SEQ_DECODE,SQL_HEX_DECODE,CSS_DECODE,JS_DECODE,NORMALIZE_PATH,NORMALIZE_PATH_WIN,REMOVE_NULLS,REPLACE_NULLS,BASE64_DECODE_EXT,URL_DECODE_UNI,UTF8_TO_UNICODE.
WebAclRuleStatementNotStatement, WebAclRuleStatementNotStatementArgs
- Statement
Web
Acl Rule Statement Not Statement Statement - Single statement to negate. Exactly one statement must be specified.
- Statement
Web
Acl Rule Statement Not Statement Statement - Single statement to negate. Exactly one statement must be specified.
- statement
Web
Acl Rule Statement Not Statement Statement - Single statement to negate. Exactly one statement must be specified.
- statement
Web
Acl Rule Statement Not Statement Statement - Single statement to negate. Exactly one statement must be specified.
- statement
Web
Acl Rule Statement Not Statement Statement - Single statement to negate. Exactly one statement must be specified.
- statement Property Map
- Single statement to negate. Exactly one statement must be specified.
WebAclRuleStatementNotStatementStatement, WebAclRuleStatementNotStatementStatementArgs
- And
Statement WebAcl Rule Statement Not Statement Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- Asn
Match WebStatement Acl Rule Statement Not Statement Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- Byte
Match WebStatement Acl Rule Statement Not Statement Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- Geo
Match WebStatement Acl Rule Statement Not Statement Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- Ip
Set WebReference Statement Acl Rule Statement Not Statement Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- Label
Match WebStatement Acl Rule Statement Not Statement Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- Managed
Rule WebGroup Statement Acl Rule Statement Not Statement Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- Not
Statement WebAcl Rule Statement Not Statement Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- Or
Statement WebAcl Rule Statement Not Statement Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- Rate
Based WebStatement Acl Rule Statement Not Statement Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- Regex
Match WebStatement Acl Rule Statement Not Statement Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- Regex
Pattern WebSet Reference Statement Acl Rule Statement Not Statement Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- Rule
Group WebReference Statement Acl Rule Statement Not Statement Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- Size
Constraint WebStatement Acl Rule Statement Not Statement Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- Sqli
Match WebStatement Acl Rule Statement Not Statement Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- Xss
Match WebStatement Acl Rule Statement Not Statement Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- And
Statement WebAcl Rule Statement Not Statement Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- Asn
Match WebStatement Acl Rule Statement Not Statement Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- Byte
Match WebStatement Acl Rule Statement Not Statement Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- Geo
Match WebStatement Acl Rule Statement Not Statement Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- Ip
Set WebReference Statement Acl Rule Statement Not Statement Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- Label
Match WebStatement Acl Rule Statement Not Statement Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- Managed
Rule WebGroup Statement Acl Rule Statement Not Statement Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- Not
Statement WebAcl Rule Statement Not Statement Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- Or
Statement WebAcl Rule Statement Not Statement Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- Rate
Based WebStatement Acl Rule Statement Not Statement Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- Regex
Match WebStatement Acl Rule Statement Not Statement Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- Regex
Pattern WebSet Reference Statement Acl Rule Statement Not Statement Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- Rule
Group WebReference Statement Acl Rule Statement Not Statement Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- Size
Constraint WebStatement Acl Rule Statement Not Statement Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- Sqli
Match WebStatement Acl Rule Statement Not Statement Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- Xss
Match WebStatement Acl Rule Statement Not Statement Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and
Statement WebAcl Rule Statement Not Statement Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- asn
Match WebStatement Acl Rule Statement Not Statement Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte
Match WebStatement Acl Rule Statement Not Statement Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- geo
Match WebStatement Acl Rule Statement Not Statement Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- ip
Set WebReference Statement Acl Rule Statement Not Statement Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label
Match WebStatement Acl Rule Statement Not Statement Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- managed
Rule WebGroup Statement Acl Rule Statement Not Statement Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not
Statement WebAcl Rule Statement Not Statement Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- or
Statement WebAcl Rule Statement Not Statement Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- rate
Based WebStatement Acl Rule Statement Not Statement Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex
Match WebStatement Acl Rule Statement Not Statement Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- regex
Pattern WebSet Reference Statement Acl Rule Statement Not Statement Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule
Group WebReference Statement Acl Rule Statement Not Statement Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size
Constraint WebStatement Acl Rule Statement Not Statement Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli
Match WebStatement Acl Rule Statement Not Statement Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss
Match WebStatement Acl Rule Statement Not Statement Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and
Statement WebAcl Rule Statement Not Statement Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- asn
Match WebStatement Acl Rule Statement Not Statement Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte
Match WebStatement Acl Rule Statement Not Statement Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- geo
Match WebStatement Acl Rule Statement Not Statement Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- ip
Set WebReference Statement Acl Rule Statement Not Statement Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label
Match WebStatement Acl Rule Statement Not Statement Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- managed
Rule WebGroup Statement Acl Rule Statement Not Statement Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not
Statement WebAcl Rule Statement Not Statement Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- or
Statement WebAcl Rule Statement Not Statement Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- rate
Based WebStatement Acl Rule Statement Not Statement Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex
Match WebStatement Acl Rule Statement Not Statement Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- regex
Pattern WebSet Reference Statement Acl Rule Statement Not Statement Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule
Group WebReference Statement Acl Rule Statement Not Statement Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size
Constraint WebStatement Acl Rule Statement Not Statement Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli
Match WebStatement Acl Rule Statement Not Statement Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss
Match WebStatement Acl Rule Statement Not Statement Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and_
statement WebAcl Rule Statement Not Statement Statement And Statement - Logical AND statement that combines multiple statements. See And Statement below.
- asn_
match_ Webstatement Acl Rule Statement Not Statement Statement Asn Match Statement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte_
match_ Webstatement Acl Rule Statement Not Statement Statement Byte Match Statement - Match requests based on byte patterns. See Byte Match Statement below.
- geo_
match_ Webstatement Acl Rule Statement Not Statement Statement Geo Match Statement - Match requests by geographic location. See Geo Match Statement below.
- ip_
set_ Webreference_ statement Acl Rule Statement Not Statement Statement Ip Set Reference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label_
match_ Webstatement Acl Rule Statement Not Statement Statement Label Match Statement - Match requests based on labels. See Label Match Statement below.
- managed_
rule_ Webgroup_ statement Acl Rule Statement Not Statement Statement Managed Rule Group Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not_
statement WebAcl Rule Statement Not Statement Statement Not Statement - Logical NOT statement that negates a single statement. See Not Statement below.
- or_
statement WebAcl Rule Statement Not Statement Statement Or Statement - Logical OR statement that combines multiple statements. See Or Statement below.
- rate_
based_ Webstatement Acl Rule Statement Not Statement Statement Rate Based Statement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex_
match_ Webstatement Acl Rule Statement Not Statement Statement Regex Match Statement - Match requests using regex patterns. See Regex Match Statement below.
- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement Not Statement Statement Regex Pattern Set Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule_
group_ Webreference_ statement Acl Rule Statement Not Statement Statement Rule Group Reference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size_
constraint_ Webstatement Acl Rule Statement Not Statement Statement Size Constraint Statement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli_
match_ Webstatement Acl Rule Statement Not Statement Statement Sqli Match Statement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss_
match_ Webstatement Acl Rule Statement Not Statement Statement Xss Match Statement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
- and
Statement Property Map - Logical AND statement that combines multiple statements. See And Statement below.
- asn
Match Property MapStatement - Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
- byte
Match Property MapStatement - Match requests based on byte patterns. See Byte Match Statement below.
- geo
Match Property MapStatement - Match requests by geographic location. See Geo Match Statement below.
- ip
Set Property MapReference Statement - Reference to an IP set. See IP Set Reference Statement below.
- label
Match Property MapStatement - Match requests based on labels. See Label Match Statement below.
- managed
Rule Property MapGroup Statement - Reference to a managed rule group. See Managed Rule Group Statement below.
- not
Statement Property Map - Logical NOT statement that negates a single statement. See Not Statement below.
- or
Statement Property Map - Logical OR statement that combines multiple statements. See Or Statement below.
- rate
Based Property MapStatement - Rate-based rule to track request rates. See Rate Based Statement below.
- regex
Match Property MapStatement - Match requests using regex patterns. See Regex Match Statement below.
- regex
Pattern Property MapSet Reference Statement - Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
- rule
Group Property MapReference Statement - Reference to a rule group. See Rule Group Reference Statement below.
- size
Constraint Property MapStatement - Match requests based on size constraints. See Size Constraint Statement below.
- sqli
Match Property MapStatement - Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
- xss
Match Property MapStatement Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (
andStatement,notStatement,orStatement) can be nested up to 3 levels deep. This matches the nesting limit of theaws.wafv2.WebAclresource.
Import
Identity Schema
Required
name(String) Rule name, unique within the Web ACL.webAclArn(String) ARN of the Web ACL.
Optional
region(String) Region where this resource is managed.
Using pulumi import, import WAFv2 Web ACL Rules using the webAclArn and name separated by a comma (,). For example:
$ pulumi import aws:wafv2/webAclRule:WebAclRule example arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example/abc123def456,my-rule
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Viewing docs for AWS v7.27.0
published on Thursday, Apr 23, 2026 by Pulumi
published on Thursday, Apr 23, 2026 by Pulumi
