aws-sdk-waf 1.0.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
File without changes
@@ -0,0 +1,23 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing for info on making contributions:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws
9
+ module WAF
10
+ module Errors
11
+
12
+ extend Aws::Errors::DynamicErrors
13
+
14
+ # Raised when calling #load or #data on a resource class that can not be
15
+ # loaded. This can happen when:
16
+ #
17
+ # * A resource class has identifiers, but no data attributes.
18
+ # * Resource data is only available when making an API call that
19
+ # enumerates all resources of that type.
20
+ class ResourceNotLoadable < RuntimeError; end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,25 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing for info on making contributions:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws
9
+ module WAF
10
+ class Resource
11
+
12
+ # @param options ({})
13
+ # @option options [Client] :client
14
+ def initialize(options = {})
15
+ @client = options[:client] || Client.new(options)
16
+ end
17
+
18
+ # @return [Client]
19
+ def client
20
+ @client
21
+ end
22
+
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,3189 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing for info on making contributions:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws
9
+ module WAF
10
+ module Types
11
+
12
+ # The `ActivatedRule` object in an UpdateWebACL request specifies a
13
+ # `Rule` that you want to insert or delete, the priority of the `Rule`
14
+ # in the `WebACL`, and the action that you want AWS WAF to take when a
15
+ # web request matches the `Rule` (`ALLOW`, `BLOCK`, or `COUNT`).
16
+ #
17
+ # To specify whether to insert or delete a `Rule`, use the `Action`
18
+ # parameter in the WebACLUpdate data type.
19
+ # @note When making an API call, pass ActivatedRule
20
+ # data as a hash:
21
+ #
22
+ # {
23
+ # priority: 1, # required
24
+ # rule_id: "ResourceId", # required
25
+ # action: { # required
26
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
27
+ # },
28
+ # }
29
+ # @!attribute [rw] priority
30
+ # Specifies the order in which the `Rules` in a `WebACL` are
31
+ # evaluated. Rules with a lower value for `Priority` are evaluated
32
+ # before `Rules` with a higher value. The value must be a unique
33
+ # integer. If you add multiple `Rules` to a `WebACL`, the values
34
+ # don't need to be consecutive.
35
+ # @return [Integer]
36
+ #
37
+ # @!attribute [rw] rule_id
38
+ # The `RuleId` for a `Rule`. You use `RuleId` to get more information
39
+ # about a `Rule` (see GetRule), update a `Rule` (see UpdateRule),
40
+ # insert a `Rule` into a `WebACL` or delete a one from a `WebACL` (see
41
+ # UpdateWebACL), or delete a `Rule` from AWS WAF (see DeleteRule).
42
+ #
43
+ # `RuleId` is returned by CreateRule and by ListRules.
44
+ # @return [String]
45
+ #
46
+ # @!attribute [rw] action
47
+ # Specifies the action that CloudFront or AWS WAF takes when a web
48
+ # request matches the conditions in the `Rule`. Valid values for
49
+ # `Action` include the following:
50
+ #
51
+ # * `ALLOW`\: CloudFront responds with the requested object.
52
+ #
53
+ # * `BLOCK`\: CloudFront responds with an HTTP 403 (Forbidden) status
54
+ # code.
55
+ #
56
+ # * `COUNT`\: AWS WAF increments a counter of requests that match the
57
+ # conditions in the rule and then continues to inspect the web
58
+ # request based on the remaining rules in the web ACL.
59
+ # @return [Types::WafAction]
60
+ class ActivatedRule < Struct.new(
61
+ :priority,
62
+ :rule_id,
63
+ :action)
64
+ include Aws::Structure
65
+ end
66
+
67
+ # In a GetByteMatchSet request, `ByteMatchSet` is a complex type that
68
+ # contains the `ByteMatchSetId` and `Name` of a `ByteMatchSet`, and the
69
+ # values that you specified when you updated the `ByteMatchSet`.
70
+ #
71
+ # A complex type that contains `ByteMatchTuple` objects, which specify
72
+ # the parts of web requests that you want AWS WAF to inspect and the
73
+ # values that you want AWS WAF to search for. If a `ByteMatchSet`
74
+ # contains more than one `ByteMatchTuple` object, a request needs to
75
+ # match the settings in only one `ByteMatchTuple` to be considered a
76
+ # match.
77
+ # @!attribute [rw] byte_match_set_id
78
+ # The `ByteMatchSetId` for a `ByteMatchSet`. You use `ByteMatchSetId`
79
+ # to get information about a `ByteMatchSet` (see GetByteMatchSet),
80
+ # update a `ByteMatchSet` (see UpdateByteMatchSet), insert a
81
+ # `ByteMatchSet` into a `Rule` or delete one from a `Rule` (see
82
+ # UpdateRule), and delete a `ByteMatchSet` from AWS WAF (see
83
+ # DeleteByteMatchSet).
84
+ #
85
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
86
+ # ListByteMatchSets.
87
+ # @return [String]
88
+ #
89
+ # @!attribute [rw] name
90
+ # A friendly name or description of the ByteMatchSet. You can't
91
+ # change `Name` after you create a `ByteMatchSet`.
92
+ # @return [String]
93
+ #
94
+ # @!attribute [rw] byte_match_tuples
95
+ # Specifies the bytes (typically a string that corresponds with ASCII
96
+ # characters) that you want AWS WAF to search for in web requests, the
97
+ # location in requests that you want AWS WAF to search, and other
98
+ # settings.
99
+ # @return [Array<Types::ByteMatchTuple>]
100
+ class ByteMatchSet < Struct.new(
101
+ :byte_match_set_id,
102
+ :name,
103
+ :byte_match_tuples)
104
+ include Aws::Structure
105
+ end
106
+
107
+ # Returned by ListByteMatchSets. Each `ByteMatchSetSummary` object
108
+ # includes the `Name` and `ByteMatchSetId` for one ByteMatchSet.
109
+ # @!attribute [rw] byte_match_set_id
110
+ # The `ByteMatchSetId` for a `ByteMatchSet`. You use `ByteMatchSetId`
111
+ # to get information about a `ByteMatchSet`, update a `ByteMatchSet`,
112
+ # remove a `ByteMatchSet` from a `Rule`, and delete a `ByteMatchSet`
113
+ # from AWS WAF.
114
+ #
115
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
116
+ # ListByteMatchSets.
117
+ # @return [String]
118
+ #
119
+ # @!attribute [rw] name
120
+ # A friendly name or description of the ByteMatchSet. You can't
121
+ # change `Name` after you create a `ByteMatchSet`.
122
+ # @return [String]
123
+ class ByteMatchSetSummary < Struct.new(
124
+ :byte_match_set_id,
125
+ :name)
126
+ include Aws::Structure
127
+ end
128
+
129
+ # In an UpdateByteMatchSet request, `ByteMatchSetUpdate` specifies
130
+ # whether to insert or delete a ByteMatchTuple and includes the settings
131
+ # for the `ByteMatchTuple`.
132
+ # @note When making an API call, pass ByteMatchSetUpdate
133
+ # data as a hash:
134
+ #
135
+ # {
136
+ # action: "INSERT", # required, accepts INSERT, DELETE
137
+ # byte_match_tuple: { # required
138
+ # field_to_match: { # required
139
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
140
+ # data: "MatchFieldData",
141
+ # },
142
+ # target_string: "data", # required
143
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
144
+ # positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
145
+ # },
146
+ # }
147
+ # @!attribute [rw] action
148
+ # Specifies whether to insert or delete a ByteMatchTuple.
149
+ # @return [String]
150
+ #
151
+ # @!attribute [rw] byte_match_tuple
152
+ # Information about the part of a web request that you want AWS WAF to
153
+ # inspect and the value that you want AWS WAF to search for. If you
154
+ # specify `DELETE` for the value of `Action`, the `ByteMatchTuple`
155
+ # values must exactly match the values in the `ByteMatchTuple` that
156
+ # you want to delete from the `ByteMatchSet`.
157
+ # @return [Types::ByteMatchTuple]
158
+ class ByteMatchSetUpdate < Struct.new(
159
+ :action,
160
+ :byte_match_tuple)
161
+ include Aws::Structure
162
+ end
163
+
164
+ # The bytes (typically a string that corresponds with ASCII characters)
165
+ # that you want AWS WAF to search for in web requests, the location in
166
+ # requests that you want AWS WAF to search, and other settings.
167
+ # @note When making an API call, pass ByteMatchTuple
168
+ # data as a hash:
169
+ #
170
+ # {
171
+ # field_to_match: { # required
172
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
173
+ # data: "MatchFieldData",
174
+ # },
175
+ # target_string: "data", # required
176
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
177
+ # positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
178
+ # }
179
+ # @!attribute [rw] field_to_match
180
+ # The part of a web request that you want AWS WAF to search, such as a
181
+ # specified header or a query string. For more information, see
182
+ # FieldToMatch.
183
+ # @return [Types::FieldToMatch]
184
+ #
185
+ # @!attribute [rw] target_string
186
+ # The value that you want AWS WAF to search for. AWS WAF searches for
187
+ # the specified string in the part of web requests that you specified
188
+ # in `FieldToMatch`. The maximum length of the value is 50 bytes.
189
+ #
190
+ # Valid values depend on the values that you specified for
191
+ # `FieldToMatch`\:
192
+ #
193
+ # * `HEADER`\: The value that you want AWS WAF to search for in the
194
+ # request header that you specified in FieldToMatch, for example,
195
+ # the value of the `User-Agent` or `Referer` header.
196
+ #
197
+ # * `METHOD`\: The HTTP method, which indicates the type of operation
198
+ # specified in the request. CloudFront supports the following
199
+ # methods: `DELETE`, `GET`, `HEAD`, `OPTIONS`, `PATCH`, `POST`, and
200
+ # `PUT`.
201
+ #
202
+ # * `QUERY_STRING`\: The value that you want AWS WAF to search for in
203
+ # the query string, which is the part of a URL that appears after a
204
+ # `?` character.
205
+ #
206
+ # * `URI`\: The value that you want AWS WAF to search for in the part
207
+ # of a URL that identifies a resource, for example,
208
+ # `/images/daily-ad.jpg`.
209
+ #
210
+ # * `BODY`\: The part of a request that contains any additional data
211
+ # that you want to send to your web server as the HTTP request body,
212
+ # such as data from a form. The request body immediately follows the
213
+ # request headers. Note that only the first `8192` bytes of the
214
+ # request body are forwarded to AWS WAF for inspection. To allow or
215
+ # block requests based on the length of the body, you can create a
216
+ # size constraint set. For more information, see
217
+ # CreateSizeConstraintSet.
218
+ #
219
+ # If `TargetString` includes alphabetic characters A-Z and a-z, note
220
+ # that the value is case sensitive.
221
+ #
222
+ # **If you're using the AWS WAF API**
223
+ #
224
+ # Specify a base64-encoded version of the value. The maximum length of
225
+ # the value before you base64-encode it is 50 bytes.
226
+ #
227
+ # For example, suppose the value of `Type` is `HEADER` and the value
228
+ # of `Data` is `User-Agent`. If you want to search the `User-Agent`
229
+ # header for the value `BadBot`, you base64-encode `BadBot` using MIME
230
+ # base64 encoding and include the resulting value, `QmFkQm90`, in the
231
+ # value of `TargetString`.
232
+ #
233
+ # **If you're using the AWS CLI or one of the AWS SDKs**
234
+ #
235
+ # The value that you want AWS WAF to search for. The SDK automatically
236
+ # base64 encodes the value.
237
+ # @return [String]
238
+ #
239
+ # @!attribute [rw] text_transformation
240
+ # Text transformations eliminate some of the unusual formatting that
241
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
242
+ # specify a transformation, AWS WAF performs the transformation on
243
+ # `TargetString` before inspecting a request for a match.
244
+ #
245
+ # **CMD\_LINE**
246
+ #
247
+ # When you're concerned that attackers are injecting an operating
248
+ # system commandline command and using unusual formatting to disguise
249
+ # some or all of the command, use this option to perform the following
250
+ # transformations:
251
+ #
252
+ # * Delete the following characters: \\ " ' ^
253
+ #
254
+ # * Delete spaces before the following characters: / (
255
+ #
256
+ # * Replace the following characters with a space: , ;
257
+ #
258
+ # * Replace multiple spaces with one space
259
+ #
260
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
261
+ #
262
+ # **COMPRESS\_WHITE\_SPACE**
263
+ #
264
+ # Use this option to replace the following characters with a space
265
+ # character (decimal 32):
266
+ #
267
+ # * \\f, formfeed, decimal 12
268
+ #
269
+ # * \\t, tab, decimal 9
270
+ #
271
+ # * \\n, newline, decimal 10
272
+ #
273
+ # * \\r, carriage return, decimal 13
274
+ #
275
+ # * \\v, vertical tab, decimal 11
276
+ #
277
+ # * non-breaking space, decimal 160
278
+ #
279
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
280
+ #
281
+ # **HTML\_ENTITY\_DECODE**
282
+ #
283
+ # Use this option to replace HTML-encoded characters with unencoded
284
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
285
+ #
286
+ # * Replaces `(ampersand)quot;` with `"`
287
+ #
288
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
289
+ #
290
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
291
+ #
292
+ # * Replaces `(ampersand)gt;` with `>`
293
+ #
294
+ # * Replaces characters that are represented in hexadecimal format,
295
+ # `(ampersand)#xhhhh;`, with the corresponding characters
296
+ #
297
+ # * Replaces characters that are represented in decimal format,
298
+ # `(ampersand)#nnnn;`, with the corresponding characters
299
+ #
300
+ # **LOWERCASE**
301
+ #
302
+ # Use this option to convert uppercase letters (A-Z) to lowercase
303
+ # (a-z).
304
+ #
305
+ # **URL\_DECODE**
306
+ #
307
+ # Use this option to decode a URL-encoded value.
308
+ #
309
+ # **NONE**
310
+ #
311
+ # Specify `NONE` if you don't want to perform any text
312
+ # transformations.
313
+ # @return [String]
314
+ #
315
+ # @!attribute [rw] positional_constraint
316
+ # Within the portion of a web request that you want to search (for
317
+ # example, in the query string, if any), specify where you want AWS
318
+ # WAF to search. Valid values include the following:
319
+ #
320
+ # **CONTAINS**
321
+ #
322
+ # The specified part of the web request must include the value of
323
+ # `TargetString`, but the location doesn't matter.
324
+ #
325
+ # **CONTAINS\_WORD**
326
+ #
327
+ # The specified part of the web request must include the value of
328
+ # `TargetString`, and `TargetString` must contain only alphanumeric
329
+ # characters or underscore (A-Z, a-z, 0-9, or \_). In addition,
330
+ # `TargetString` must be a word, which means one of the following:
331
+ #
332
+ # * `TargetString` exactly matches the value of the specified part of
333
+ # the web request, such as the value of a header.
334
+ #
335
+ # * `TargetString` is at the beginning of the specified part of the
336
+ # web request and is followed by a character other than an
337
+ # alphanumeric character or underscore (\_), for example, `BadBot;`.
338
+ #
339
+ # * `TargetString` is at the end of the specified part of the web
340
+ # request and is preceded by a character other than an alphanumeric
341
+ # character or underscore (\_), for example, `;BadBot`.
342
+ #
343
+ # * `TargetString` is in the middle of the specified part of the web
344
+ # request and is preceded and followed by characters other than
345
+ # alphanumeric characters or underscore (\_), for example,
346
+ # `-BadBot;`.
347
+ #
348
+ # **EXACTLY**
349
+ #
350
+ # The value of the specified part of the web request must exactly
351
+ # match the value of `TargetString`.
352
+ #
353
+ # **STARTS\_WITH**
354
+ #
355
+ # The value of `TargetString` must appear at the beginning of the
356
+ # specified part of the web request.
357
+ #
358
+ # **ENDS\_WITH**
359
+ #
360
+ # The value of `TargetString` must appear at the end of the specified
361
+ # part of the web request.
362
+ # @return [String]
363
+ class ByteMatchTuple < Struct.new(
364
+ :field_to_match,
365
+ :target_string,
366
+ :text_transformation,
367
+ :positional_constraint)
368
+ include Aws::Structure
369
+ end
370
+
371
+ # @note When making an API call, pass CreateByteMatchSetRequest
372
+ # data as a hash:
373
+ #
374
+ # {
375
+ # name: "ResourceName", # required
376
+ # change_token: "ChangeToken", # required
377
+ # }
378
+ # @!attribute [rw] name
379
+ # A friendly name or description of the ByteMatchSet. You can't
380
+ # change `Name` after you create a `ByteMatchSet`.
381
+ # @return [String]
382
+ #
383
+ # @!attribute [rw] change_token
384
+ # The value returned by the most recent call to GetChangeToken.
385
+ # @return [String]
386
+ class CreateByteMatchSetRequest < Struct.new(
387
+ :name,
388
+ :change_token)
389
+ include Aws::Structure
390
+ end
391
+
392
+ # @!attribute [rw] byte_match_set
393
+ # A ByteMatchSet that contains no `ByteMatchTuple` objects.
394
+ # @return [Types::ByteMatchSet]
395
+ #
396
+ # @!attribute [rw] change_token
397
+ # The `ChangeToken` that you used to submit the `CreateByteMatchSet`
398
+ # request. You can also use this value to query the status of the
399
+ # request. For more information, see GetChangeTokenStatus.
400
+ # @return [String]
401
+ class CreateByteMatchSetResponse < Struct.new(
402
+ :byte_match_set,
403
+ :change_token)
404
+ include Aws::Structure
405
+ end
406
+
407
+ # @note When making an API call, pass CreateIPSetRequest
408
+ # data as a hash:
409
+ #
410
+ # {
411
+ # name: "ResourceName", # required
412
+ # change_token: "ChangeToken", # required
413
+ # }
414
+ # @!attribute [rw] name
415
+ # A friendly name or description of the IPSet. You can't change
416
+ # `Name` after you create the `IPSet`.
417
+ # @return [String]
418
+ #
419
+ # @!attribute [rw] change_token
420
+ # The value returned by the most recent call to GetChangeToken.
421
+ # @return [String]
422
+ class CreateIPSetRequest < Struct.new(
423
+ :name,
424
+ :change_token)
425
+ include Aws::Structure
426
+ end
427
+
428
+ # @!attribute [rw] ip_set
429
+ # The IPSet returned in the `CreateIPSet` response.
430
+ # @return [Types::IPSet]
431
+ #
432
+ # @!attribute [rw] change_token
433
+ # The `ChangeToken` that you used to submit the `CreateIPSet` request.
434
+ # You can also use this value to query the status of the request. For
435
+ # more information, see GetChangeTokenStatus.
436
+ # @return [String]
437
+ class CreateIPSetResponse < Struct.new(
438
+ :ip_set,
439
+ :change_token)
440
+ include Aws::Structure
441
+ end
442
+
443
+ # @note When making an API call, pass CreateRuleRequest
444
+ # data as a hash:
445
+ #
446
+ # {
447
+ # name: "ResourceName", # required
448
+ # metric_name: "MetricName", # required
449
+ # change_token: "ChangeToken", # required
450
+ # }
451
+ # @!attribute [rw] name
452
+ # A friendly name or description of the Rule. You can't change the
453
+ # name of a `Rule` after you create it.
454
+ # @return [String]
455
+ #
456
+ # @!attribute [rw] metric_name
457
+ # A friendly name or description for the metrics for this `Rule`. The
458
+ # name can contain only alphanumeric characters (A-Z, a-z, 0-9); the
459
+ # name can't contain whitespace. You can't change the name of the
460
+ # metric after you create the `Rule`.
461
+ # @return [String]
462
+ #
463
+ # @!attribute [rw] change_token
464
+ # The value returned by the most recent call to GetChangeToken.
465
+ # @return [String]
466
+ class CreateRuleRequest < Struct.new(
467
+ :name,
468
+ :metric_name,
469
+ :change_token)
470
+ include Aws::Structure
471
+ end
472
+
473
+ # @!attribute [rw] rule
474
+ # The Rule returned in the `CreateRule` response.
475
+ # @return [Types::Rule]
476
+ #
477
+ # @!attribute [rw] change_token
478
+ # The `ChangeToken` that you used to submit the `CreateRule` request.
479
+ # You can also use this value to query the status of the request. For
480
+ # more information, see GetChangeTokenStatus.
481
+ # @return [String]
482
+ class CreateRuleResponse < Struct.new(
483
+ :rule,
484
+ :change_token)
485
+ include Aws::Structure
486
+ end
487
+
488
+ # @note When making an API call, pass CreateSizeConstraintSetRequest
489
+ # data as a hash:
490
+ #
491
+ # {
492
+ # name: "ResourceName", # required
493
+ # change_token: "ChangeToken", # required
494
+ # }
495
+ # @!attribute [rw] name
496
+ # A friendly name or description of the SizeConstraintSet. You can't
497
+ # change `Name` after you create a `SizeConstraintSet`.
498
+ # @return [String]
499
+ #
500
+ # @!attribute [rw] change_token
501
+ # The value returned by the most recent call to GetChangeToken.
502
+ # @return [String]
503
+ class CreateSizeConstraintSetRequest < Struct.new(
504
+ :name,
505
+ :change_token)
506
+ include Aws::Structure
507
+ end
508
+
509
+ # @!attribute [rw] size_constraint_set
510
+ # A SizeConstraintSet that contains no `SizeConstraint` objects.
511
+ # @return [Types::SizeConstraintSet]
512
+ #
513
+ # @!attribute [rw] change_token
514
+ # The `ChangeToken` that you used to submit the
515
+ # `CreateSizeConstraintSet` request. You can also use this value to
516
+ # query the status of the request. For more information, see
517
+ # GetChangeTokenStatus.
518
+ # @return [String]
519
+ class CreateSizeConstraintSetResponse < Struct.new(
520
+ :size_constraint_set,
521
+ :change_token)
522
+ include Aws::Structure
523
+ end
524
+
525
+ # A request to create a SqlInjectionMatchSet.
526
+ # @note When making an API call, pass CreateSqlInjectionMatchSetRequest
527
+ # data as a hash:
528
+ #
529
+ # {
530
+ # name: "ResourceName", # required
531
+ # change_token: "ChangeToken", # required
532
+ # }
533
+ # @!attribute [rw] name
534
+ # A friendly name or description for the SqlInjectionMatchSet that
535
+ # you're creating. You can't change `Name` after you create the
536
+ # `SqlInjectionMatchSet`.
537
+ # @return [String]
538
+ #
539
+ # @!attribute [rw] change_token
540
+ # The value returned by the most recent call to GetChangeToken.
541
+ # @return [String]
542
+ class CreateSqlInjectionMatchSetRequest < Struct.new(
543
+ :name,
544
+ :change_token)
545
+ include Aws::Structure
546
+ end
547
+
548
+ # The response to a `CreateSqlInjectionMatchSet` request.
549
+ # @!attribute [rw] sql_injection_match_set
550
+ # A SqlInjectionMatchSet.
551
+ # @return [Types::SqlInjectionMatchSet]
552
+ #
553
+ # @!attribute [rw] change_token
554
+ # The `ChangeToken` that you used to submit the
555
+ # `CreateSqlInjectionMatchSet` request. You can also use this value to
556
+ # query the status of the request. For more information, see
557
+ # GetChangeTokenStatus.
558
+ # @return [String]
559
+ class CreateSqlInjectionMatchSetResponse < Struct.new(
560
+ :sql_injection_match_set,
561
+ :change_token)
562
+ include Aws::Structure
563
+ end
564
+
565
+ # @note When making an API call, pass CreateWebACLRequest
566
+ # data as a hash:
567
+ #
568
+ # {
569
+ # name: "ResourceName", # required
570
+ # metric_name: "MetricName", # required
571
+ # default_action: { # required
572
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
573
+ # },
574
+ # change_token: "ChangeToken", # required
575
+ # }
576
+ # @!attribute [rw] name
577
+ # A friendly name or description of the WebACL. You can't change
578
+ # `Name` after you create the `WebACL`.
579
+ # @return [String]
580
+ #
581
+ # @!attribute [rw] metric_name
582
+ # A friendly name or description for the metrics for this `WebACL`.
583
+ # The name can contain only alphanumeric characters (A-Z, a-z, 0-9);
584
+ # the name can't contain whitespace. You can't change `MetricName`
585
+ # after you create the `WebACL`.
586
+ # @return [String]
587
+ #
588
+ # @!attribute [rw] default_action
589
+ # The action that you want AWS WAF to take when a request doesn't
590
+ # match the criteria specified in any of the `Rule` objects that are
591
+ # associated with the `WebACL`.
592
+ # @return [Types::WafAction]
593
+ #
594
+ # @!attribute [rw] change_token
595
+ # The value returned by the most recent call to GetChangeToken.
596
+ # @return [String]
597
+ class CreateWebACLRequest < Struct.new(
598
+ :name,
599
+ :metric_name,
600
+ :default_action,
601
+ :change_token)
602
+ include Aws::Structure
603
+ end
604
+
605
+ # @!attribute [rw] web_acl
606
+ # The WebACL returned in the `CreateWebACL` response.
607
+ # @return [Types::WebACL]
608
+ #
609
+ # @!attribute [rw] change_token
610
+ # The `ChangeToken` that you used to submit the `CreateWebACL`
611
+ # request. You can also use this value to query the status of the
612
+ # request. For more information, see GetChangeTokenStatus.
613
+ # @return [String]
614
+ class CreateWebACLResponse < Struct.new(
615
+ :web_acl,
616
+ :change_token)
617
+ include Aws::Structure
618
+ end
619
+
620
+ # A request to create an XssMatchSet.
621
+ # @note When making an API call, pass CreateXssMatchSetRequest
622
+ # data as a hash:
623
+ #
624
+ # {
625
+ # name: "ResourceName", # required
626
+ # change_token: "ChangeToken", # required
627
+ # }
628
+ # @!attribute [rw] name
629
+ # A friendly name or description for the XssMatchSet that you're
630
+ # creating. You can't change `Name` after you create the
631
+ # `XssMatchSet`.
632
+ # @return [String]
633
+ #
634
+ # @!attribute [rw] change_token
635
+ # The value returned by the most recent call to GetChangeToken.
636
+ # @return [String]
637
+ class CreateXssMatchSetRequest < Struct.new(
638
+ :name,
639
+ :change_token)
640
+ include Aws::Structure
641
+ end
642
+
643
+ # The response to a `CreateXssMatchSet` request.
644
+ # @!attribute [rw] xss_match_set
645
+ # An XssMatchSet.
646
+ # @return [Types::XssMatchSet]
647
+ #
648
+ # @!attribute [rw] change_token
649
+ # The `ChangeToken` that you used to submit the `CreateXssMatchSet`
650
+ # request. You can also use this value to query the status of the
651
+ # request. For more information, see GetChangeTokenStatus.
652
+ # @return [String]
653
+ class CreateXssMatchSetResponse < Struct.new(
654
+ :xss_match_set,
655
+ :change_token)
656
+ include Aws::Structure
657
+ end
658
+
659
+ # @note When making an API call, pass DeleteByteMatchSetRequest
660
+ # data as a hash:
661
+ #
662
+ # {
663
+ # byte_match_set_id: "ResourceId", # required
664
+ # change_token: "ChangeToken", # required
665
+ # }
666
+ # @!attribute [rw] byte_match_set_id
667
+ # The `ByteMatchSetId` of the ByteMatchSet that you want to delete.
668
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
669
+ # ListByteMatchSets.
670
+ # @return [String]
671
+ #
672
+ # @!attribute [rw] change_token
673
+ # The value returned by the most recent call to GetChangeToken.
674
+ # @return [String]
675
+ class DeleteByteMatchSetRequest < Struct.new(
676
+ :byte_match_set_id,
677
+ :change_token)
678
+ include Aws::Structure
679
+ end
680
+
681
+ # @!attribute [rw] change_token
682
+ # The `ChangeToken` that you used to submit the `DeleteByteMatchSet`
683
+ # request. You can also use this value to query the status of the
684
+ # request. For more information, see GetChangeTokenStatus.
685
+ # @return [String]
686
+ class DeleteByteMatchSetResponse < Struct.new(
687
+ :change_token)
688
+ include Aws::Structure
689
+ end
690
+
691
+ # @note When making an API call, pass DeleteIPSetRequest
692
+ # data as a hash:
693
+ #
694
+ # {
695
+ # ip_set_id: "ResourceId", # required
696
+ # change_token: "ChangeToken", # required
697
+ # }
698
+ # @!attribute [rw] ip_set_id
699
+ # The `IPSetId` of the IPSet that you want to delete. `IPSetId` is
700
+ # returned by CreateIPSet and by ListIPSets.
701
+ # @return [String]
702
+ #
703
+ # @!attribute [rw] change_token
704
+ # The value returned by the most recent call to GetChangeToken.
705
+ # @return [String]
706
+ class DeleteIPSetRequest < Struct.new(
707
+ :ip_set_id,
708
+ :change_token)
709
+ include Aws::Structure
710
+ end
711
+
712
+ # @!attribute [rw] change_token
713
+ # The `ChangeToken` that you used to submit the `DeleteIPSet` request.
714
+ # You can also use this value to query the status of the request. For
715
+ # more information, see GetChangeTokenStatus.
716
+ # @return [String]
717
+ class DeleteIPSetResponse < Struct.new(
718
+ :change_token)
719
+ include Aws::Structure
720
+ end
721
+
722
+ # @note When making an API call, pass DeleteRuleRequest
723
+ # data as a hash:
724
+ #
725
+ # {
726
+ # rule_id: "ResourceId", # required
727
+ # change_token: "ChangeToken", # required
728
+ # }
729
+ # @!attribute [rw] rule_id
730
+ # The `RuleId` of the Rule that you want to delete. `RuleId` is
731
+ # returned by CreateRule and by ListRules.
732
+ # @return [String]
733
+ #
734
+ # @!attribute [rw] change_token
735
+ # The value returned by the most recent call to GetChangeToken.
736
+ # @return [String]
737
+ class DeleteRuleRequest < Struct.new(
738
+ :rule_id,
739
+ :change_token)
740
+ include Aws::Structure
741
+ end
742
+
743
+ # @!attribute [rw] change_token
744
+ # The `ChangeToken` that you used to submit the `DeleteRule` request.
745
+ # You can also use this value to query the status of the request. For
746
+ # more information, see GetChangeTokenStatus.
747
+ # @return [String]
748
+ class DeleteRuleResponse < Struct.new(
749
+ :change_token)
750
+ include Aws::Structure
751
+ end
752
+
753
+ # @note When making an API call, pass DeleteSizeConstraintSetRequest
754
+ # data as a hash:
755
+ #
756
+ # {
757
+ # size_constraint_set_id: "ResourceId", # required
758
+ # change_token: "ChangeToken", # required
759
+ # }
760
+ # @!attribute [rw] size_constraint_set_id
761
+ # The `SizeConstraintSetId` of the SizeConstraintSet that you want to
762
+ # delete. `SizeConstraintSetId` is returned by CreateSizeConstraintSet
763
+ # and by ListSizeConstraintSets.
764
+ # @return [String]
765
+ #
766
+ # @!attribute [rw] change_token
767
+ # The value returned by the most recent call to GetChangeToken.
768
+ # @return [String]
769
+ class DeleteSizeConstraintSetRequest < Struct.new(
770
+ :size_constraint_set_id,
771
+ :change_token)
772
+ include Aws::Structure
773
+ end
774
+
775
+ # @!attribute [rw] change_token
776
+ # The `ChangeToken` that you used to submit the
777
+ # `DeleteSizeConstraintSet` request. You can also use this value to
778
+ # query the status of the request. For more information, see
779
+ # GetChangeTokenStatus.
780
+ # @return [String]
781
+ class DeleteSizeConstraintSetResponse < Struct.new(
782
+ :change_token)
783
+ include Aws::Structure
784
+ end
785
+
786
+ # A request to delete a SqlInjectionMatchSet from AWS WAF.
787
+ # @note When making an API call, pass DeleteSqlInjectionMatchSetRequest
788
+ # data as a hash:
789
+ #
790
+ # {
791
+ # sql_injection_match_set_id: "ResourceId", # required
792
+ # change_token: "ChangeToken", # required
793
+ # }
794
+ # @!attribute [rw] sql_injection_match_set_id
795
+ # The `SqlInjectionMatchSetId` of the SqlInjectionMatchSet that you
796
+ # want to delete. `SqlInjectionMatchSetId` is returned by
797
+ # CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.
798
+ # @return [String]
799
+ #
800
+ # @!attribute [rw] change_token
801
+ # The value returned by the most recent call to GetChangeToken.
802
+ # @return [String]
803
+ class DeleteSqlInjectionMatchSetRequest < Struct.new(
804
+ :sql_injection_match_set_id,
805
+ :change_token)
806
+ include Aws::Structure
807
+ end
808
+
809
+ # The response to a request to delete a SqlInjectionMatchSet from AWS
810
+ # WAF.
811
+ # @!attribute [rw] change_token
812
+ # The `ChangeToken` that you used to submit the
813
+ # `DeleteSqlInjectionMatchSet` request. You can also use this value to
814
+ # query the status of the request. For more information, see
815
+ # GetChangeTokenStatus.
816
+ # @return [String]
817
+ class DeleteSqlInjectionMatchSetResponse < Struct.new(
818
+ :change_token)
819
+ include Aws::Structure
820
+ end
821
+
822
+ # @note When making an API call, pass DeleteWebACLRequest
823
+ # data as a hash:
824
+ #
825
+ # {
826
+ # web_acl_id: "ResourceId", # required
827
+ # change_token: "ChangeToken", # required
828
+ # }
829
+ # @!attribute [rw] web_acl_id
830
+ # The `WebACLId` of the WebACL that you want to delete. `WebACLId` is
831
+ # returned by CreateWebACL and by ListWebACLs.
832
+ # @return [String]
833
+ #
834
+ # @!attribute [rw] change_token
835
+ # The value returned by the most recent call to GetChangeToken.
836
+ # @return [String]
837
+ class DeleteWebACLRequest < Struct.new(
838
+ :web_acl_id,
839
+ :change_token)
840
+ include Aws::Structure
841
+ end
842
+
843
+ # @!attribute [rw] change_token
844
+ # The `ChangeToken` that you used to submit the `DeleteWebACL`
845
+ # request. You can also use this value to query the status of the
846
+ # request. For more information, see GetChangeTokenStatus.
847
+ # @return [String]
848
+ class DeleteWebACLResponse < Struct.new(
849
+ :change_token)
850
+ include Aws::Structure
851
+ end
852
+
853
+ # A request to delete an XssMatchSet from AWS WAF.
854
+ # @note When making an API call, pass DeleteXssMatchSetRequest
855
+ # data as a hash:
856
+ #
857
+ # {
858
+ # xss_match_set_id: "ResourceId", # required
859
+ # change_token: "ChangeToken", # required
860
+ # }
861
+ # @!attribute [rw] xss_match_set_id
862
+ # The `XssMatchSetId` of the XssMatchSet that you want to delete.
863
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
864
+ # ListXssMatchSets.
865
+ # @return [String]
866
+ #
867
+ # @!attribute [rw] change_token
868
+ # The value returned by the most recent call to GetChangeToken.
869
+ # @return [String]
870
+ class DeleteXssMatchSetRequest < Struct.new(
871
+ :xss_match_set_id,
872
+ :change_token)
873
+ include Aws::Structure
874
+ end
875
+
876
+ # The response to a request to delete an XssMatchSet from AWS WAF.
877
+ # @!attribute [rw] change_token
878
+ # The `ChangeToken` that you used to submit the `DeleteXssMatchSet`
879
+ # request. You can also use this value to query the status of the
880
+ # request. For more information, see GetChangeTokenStatus.
881
+ # @return [String]
882
+ class DeleteXssMatchSetResponse < Struct.new(
883
+ :change_token)
884
+ include Aws::Structure
885
+ end
886
+
887
+ # Specifies where in a web request to look for `TargetString`.
888
+ # @note When making an API call, pass FieldToMatch
889
+ # data as a hash:
890
+ #
891
+ # {
892
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
893
+ # data: "MatchFieldData",
894
+ # }
895
+ # @!attribute [rw] type
896
+ # The part of the web request that you want AWS WAF to search for a
897
+ # specified string. Parts of a request that you can search include the
898
+ # following:
899
+ #
900
+ # * `HEADER`\: A specified request header, for example, the value of
901
+ # the `User-Agent` or `Referer` header. If you choose `HEADER` for
902
+ # the type, specify the name of the header in `Data`.
903
+ #
904
+ # * `METHOD`\: The HTTP method, which indicated the type of operation
905
+ # that the request is asking the origin to perform. Amazon
906
+ # CloudFront supports the following methods: `DELETE`, `GET`,
907
+ # `HEAD`, `OPTIONS`, `PATCH`, `POST`, and `PUT`.
908
+ #
909
+ # * `QUERY_STRING`\: A query string, which is the part of a URL that
910
+ # appears after a `?` character, if any.
911
+ #
912
+ # * `URI`\: The part of a web request that identifies a resource, for
913
+ # example, `/images/daily-ad.jpg`.
914
+ #
915
+ # * `BODY`\: The part of a request that contains any additional data
916
+ # that you want to send to your web server as the HTTP request body,
917
+ # such as data from a form. The request body immediately follows the
918
+ # request headers. Note that only the first `8192` bytes of the
919
+ # request body are forwarded to AWS WAF for inspection. To allow or
920
+ # block requests based on the length of the body, you can create a
921
+ # size constraint set. For more information, see
922
+ # CreateSizeConstraintSet.
923
+ # @return [String]
924
+ #
925
+ # @!attribute [rw] data
926
+ # When the value of `Type` is `HEADER`, enter the name of the header
927
+ # that you want AWS WAF to search, for example, `User-Agent` or
928
+ # `Referer`. If the value of `Type` is any other value, omit `Data`.
929
+ #
930
+ # The name of the header is not case sensitive.
931
+ # @return [String]
932
+ class FieldToMatch < Struct.new(
933
+ :type,
934
+ :data)
935
+ include Aws::Structure
936
+ end
937
+
938
+ # @note When making an API call, pass GetByteMatchSetRequest
939
+ # data as a hash:
940
+ #
941
+ # {
942
+ # byte_match_set_id: "ResourceId", # required
943
+ # }
944
+ # @!attribute [rw] byte_match_set_id
945
+ # The `ByteMatchSetId` of the ByteMatchSet that you want to get.
946
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
947
+ # ListByteMatchSets.
948
+ # @return [String]
949
+ class GetByteMatchSetRequest < Struct.new(
950
+ :byte_match_set_id)
951
+ include Aws::Structure
952
+ end
953
+
954
+ # @!attribute [rw] byte_match_set
955
+ # Information about the ByteMatchSet that you specified in the
956
+ # `GetByteMatchSet` request. For more information, see the following
957
+ # topics:
958
+ #
959
+ # * ByteMatchSet: Contains `ByteMatchSetId`, `ByteMatchTuples`, and
960
+ # `Name`
961
+ #
962
+ # * `ByteMatchTuples`\: Contains an array of ByteMatchTuple objects.
963
+ # Each `ByteMatchTuple` object contains FieldToMatch,
964
+ # `PositionalConstraint`, `TargetString`, and `TextTransformation`
965
+ #
966
+ # * FieldToMatch: Contains `Data` and `Type`
967
+ # @return [Types::ByteMatchSet]
968
+ class GetByteMatchSetResponse < Struct.new(
969
+ :byte_match_set)
970
+ include Aws::Structure
971
+ end
972
+
973
+ # @api private
974
+ class GetChangeTokenRequest < Aws::EmptyStructure; end
975
+
976
+ # @!attribute [rw] change_token
977
+ # The `ChangeToken` that you used in the request. Use this value in a
978
+ # `GetChangeTokenStatus` request to get the current status of the
979
+ # request.
980
+ # @return [String]
981
+ class GetChangeTokenResponse < Struct.new(
982
+ :change_token)
983
+ include Aws::Structure
984
+ end
985
+
986
+ # @note When making an API call, pass GetChangeTokenStatusRequest
987
+ # data as a hash:
988
+ #
989
+ # {
990
+ # change_token: "ChangeToken", # required
991
+ # }
992
+ # @!attribute [rw] change_token
993
+ # The change token for which you want to get the status. This change
994
+ # token was previously returned in the `GetChangeToken` response.
995
+ # @return [String]
996
+ class GetChangeTokenStatusRequest < Struct.new(
997
+ :change_token)
998
+ include Aws::Structure
999
+ end
1000
+
1001
+ # @!attribute [rw] change_token_status
1002
+ # The status of the change token.
1003
+ # @return [String]
1004
+ class GetChangeTokenStatusResponse < Struct.new(
1005
+ :change_token_status)
1006
+ include Aws::Structure
1007
+ end
1008
+
1009
+ # @note When making an API call, pass GetIPSetRequest
1010
+ # data as a hash:
1011
+ #
1012
+ # {
1013
+ # ip_set_id: "ResourceId", # required
1014
+ # }
1015
+ # @!attribute [rw] ip_set_id
1016
+ # The `IPSetId` of the IPSet that you want to get. `IPSetId` is
1017
+ # returned by CreateIPSet and by ListIPSets.
1018
+ # @return [String]
1019
+ class GetIPSetRequest < Struct.new(
1020
+ :ip_set_id)
1021
+ include Aws::Structure
1022
+ end
1023
+
1024
+ # @!attribute [rw] ip_set
1025
+ # Information about the IPSet that you specified in the `GetIPSet`
1026
+ # request. For more information, see the following topics:
1027
+ #
1028
+ # * IPSet: Contains `IPSetDescriptors`, `IPSetId`, and `Name`
1029
+ #
1030
+ # * `IPSetDescriptors`\: Contains an array of IPSetDescriptor objects.
1031
+ # Each `IPSetDescriptor` object contains `Type` and `Value`
1032
+ # @return [Types::IPSet]
1033
+ class GetIPSetResponse < Struct.new(
1034
+ :ip_set)
1035
+ include Aws::Structure
1036
+ end
1037
+
1038
+ # @note When making an API call, pass GetRuleRequest
1039
+ # data as a hash:
1040
+ #
1041
+ # {
1042
+ # rule_id: "ResourceId", # required
1043
+ # }
1044
+ # @!attribute [rw] rule_id
1045
+ # The `RuleId` of the Rule that you want to get. `RuleId` is returned
1046
+ # by CreateRule and by ListRules.
1047
+ # @return [String]
1048
+ class GetRuleRequest < Struct.new(
1049
+ :rule_id)
1050
+ include Aws::Structure
1051
+ end
1052
+
1053
+ # @!attribute [rw] rule
1054
+ # Information about the Rule that you specified in the `GetRule`
1055
+ # request. For more information, see the following topics:
1056
+ #
1057
+ # * Rule: Contains `MetricName`, `Name`, an array of `Predicate`
1058
+ # objects, and `RuleId`
1059
+ #
1060
+ # * Predicate: Each `Predicate` object contains `DataId`, `Negated`,
1061
+ # and `Type`
1062
+ # @return [Types::Rule]
1063
+ class GetRuleResponse < Struct.new(
1064
+ :rule)
1065
+ include Aws::Structure
1066
+ end
1067
+
1068
+ # @note When making an API call, pass GetSampledRequestsRequest
1069
+ # data as a hash:
1070
+ #
1071
+ # {
1072
+ # web_acl_id: "ResourceId", # required
1073
+ # rule_id: "ResourceId", # required
1074
+ # time_window: { # required
1075
+ # start_time: Time.now, # required
1076
+ # end_time: Time.now, # required
1077
+ # },
1078
+ # max_items: 1, # required
1079
+ # }
1080
+ # @!attribute [rw] web_acl_id
1081
+ # The `WebACLId` of the `WebACL` for which you want
1082
+ # `GetSampledRequests` to return a sample of requests.
1083
+ # @return [String]
1084
+ #
1085
+ # @!attribute [rw] rule_id
1086
+ # `RuleId` is one of two values:
1087
+ #
1088
+ # * The `RuleId` of the `Rule` for which you want `GetSampledRequests`
1089
+ # to return a sample of requests.
1090
+ #
1091
+ # * `Default_Action`, which causes `GetSampledRequests` to return a
1092
+ # sample of the requests that didn't match any of the rules in the
1093
+ # specified `WebACL`.
1094
+ # @return [String]
1095
+ #
1096
+ # @!attribute [rw] time_window
1097
+ # The start date and time and the end date and time of the range for
1098
+ # which you want `GetSampledRequests` to return a sample of requests.
1099
+ # Specify the date and time in Unix time format (in seconds). You can
1100
+ # specify any time range in the previous three hours.
1101
+ # @return [Types::TimeWindow]
1102
+ #
1103
+ # @!attribute [rw] max_items
1104
+ # The number of requests that you want AWS WAF to return from among
1105
+ # the first 5,000 requests that your AWS resource received during the
1106
+ # time range. If your resource received fewer requests than the value
1107
+ # of `MaxItems`, `GetSampledRequests` returns information about all of
1108
+ # them.
1109
+ # @return [Integer]
1110
+ class GetSampledRequestsRequest < Struct.new(
1111
+ :web_acl_id,
1112
+ :rule_id,
1113
+ :time_window,
1114
+ :max_items)
1115
+ include Aws::Structure
1116
+ end
1117
+
1118
+ # @!attribute [rw] sampled_requests
1119
+ # A complex type that contains detailed information about each of the
1120
+ # requests in the sample.
1121
+ # @return [Array<Types::SampledHTTPRequest>]
1122
+ #
1123
+ # @!attribute [rw] population_size
1124
+ # The total number of requests from which `GetSampledRequests` got a
1125
+ # sample of `MaxItems` requests. If `PopulationSize` is less than
1126
+ # `MaxItems`, the sample includes every request that your AWS resource
1127
+ # received during the specified time range.
1128
+ # @return [Integer]
1129
+ #
1130
+ # @!attribute [rw] time_window
1131
+ # Usually, `TimeWindow` is the time range that you specified in the
1132
+ # `GetSampledRequests` request. However, if your AWS resource received
1133
+ # more than 5,000 requests during the time range that you specified in
1134
+ # the request, `GetSampledRequests` returns the time range for the
1135
+ # first 5,000 requests.
1136
+ # @return [Types::TimeWindow]
1137
+ class GetSampledRequestsResponse < Struct.new(
1138
+ :sampled_requests,
1139
+ :population_size,
1140
+ :time_window)
1141
+ include Aws::Structure
1142
+ end
1143
+
1144
+ # @note When making an API call, pass GetSizeConstraintSetRequest
1145
+ # data as a hash:
1146
+ #
1147
+ # {
1148
+ # size_constraint_set_id: "ResourceId", # required
1149
+ # }
1150
+ # @!attribute [rw] size_constraint_set_id
1151
+ # The `SizeConstraintSetId` of the SizeConstraintSet that you want to
1152
+ # get. `SizeConstraintSetId` is returned by CreateSizeConstraintSet
1153
+ # and by ListSizeConstraintSets.
1154
+ # @return [String]
1155
+ class GetSizeConstraintSetRequest < Struct.new(
1156
+ :size_constraint_set_id)
1157
+ include Aws::Structure
1158
+ end
1159
+
1160
+ # @!attribute [rw] size_constraint_set
1161
+ # Information about the SizeConstraintSet that you specified in the
1162
+ # `GetSizeConstraintSet` request. For more information, see the
1163
+ # following topics:
1164
+ #
1165
+ # * SizeConstraintSet: Contains `SizeConstraintSetId`,
1166
+ # `SizeConstraints`, and `Name`
1167
+ #
1168
+ # * `SizeConstraints`\: Contains an array of SizeConstraint objects.
1169
+ # Each `SizeConstraint` object contains FieldToMatch,
1170
+ # `TextTransformation`, `ComparisonOperator`, and `Size`
1171
+ #
1172
+ # * FieldToMatch: Contains `Data` and `Type`
1173
+ # @return [Types::SizeConstraintSet]
1174
+ class GetSizeConstraintSetResponse < Struct.new(
1175
+ :size_constraint_set)
1176
+ include Aws::Structure
1177
+ end
1178
+
1179
+ # A request to get a SqlInjectionMatchSet.
1180
+ # @note When making an API call, pass GetSqlInjectionMatchSetRequest
1181
+ # data as a hash:
1182
+ #
1183
+ # {
1184
+ # sql_injection_match_set_id: "ResourceId", # required
1185
+ # }
1186
+ # @!attribute [rw] sql_injection_match_set_id
1187
+ # The `SqlInjectionMatchSetId` of the SqlInjectionMatchSet that you
1188
+ # want to get. `SqlInjectionMatchSetId` is returned by
1189
+ # CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.
1190
+ # @return [String]
1191
+ class GetSqlInjectionMatchSetRequest < Struct.new(
1192
+ :sql_injection_match_set_id)
1193
+ include Aws::Structure
1194
+ end
1195
+
1196
+ # The response to a GetSqlInjectionMatchSet request.
1197
+ # @!attribute [rw] sql_injection_match_set
1198
+ # Information about the SqlInjectionMatchSet that you specified in the
1199
+ # `GetSqlInjectionMatchSet` request. For more information, see the
1200
+ # following topics:
1201
+ #
1202
+ # * SqlInjectionMatchSet: Contains `Name`, `SqlInjectionMatchSetId`,
1203
+ # and an array of `SqlInjectionMatchTuple` objects
1204
+ #
1205
+ # * SqlInjectionMatchTuple: Each `SqlInjectionMatchTuple` object
1206
+ # contains `FieldToMatch` and `TextTransformation`
1207
+ #
1208
+ # * FieldToMatch: Contains `Data` and `Type`
1209
+ # @return [Types::SqlInjectionMatchSet]
1210
+ class GetSqlInjectionMatchSetResponse < Struct.new(
1211
+ :sql_injection_match_set)
1212
+ include Aws::Structure
1213
+ end
1214
+
1215
+ # @note When making an API call, pass GetWebACLRequest
1216
+ # data as a hash:
1217
+ #
1218
+ # {
1219
+ # web_acl_id: "ResourceId", # required
1220
+ # }
1221
+ # @!attribute [rw] web_acl_id
1222
+ # The `WebACLId` of the WebACL that you want to get. `WebACLId` is
1223
+ # returned by CreateWebACL and by ListWebACLs.
1224
+ # @return [String]
1225
+ class GetWebACLRequest < Struct.new(
1226
+ :web_acl_id)
1227
+ include Aws::Structure
1228
+ end
1229
+
1230
+ # @!attribute [rw] web_acl
1231
+ # Information about the WebACL that you specified in the `GetWebACL`
1232
+ # request. For more information, see the following topics:
1233
+ #
1234
+ # * WebACL: Contains `DefaultAction`, `MetricName`, `Name`, an array
1235
+ # of `Rule` objects, and `WebACLId`
1236
+ #
1237
+ # * `DefaultAction` (Data type is WafAction): Contains `Type`
1238
+ #
1239
+ # * `Rules`\: Contains an array of `ActivatedRule` objects, which
1240
+ # contain `Action`, `Priority`, and `RuleId`
1241
+ #
1242
+ # * `Action`\: Contains `Type`
1243
+ # @return [Types::WebACL]
1244
+ class GetWebACLResponse < Struct.new(
1245
+ :web_acl)
1246
+ include Aws::Structure
1247
+ end
1248
+
1249
+ # A request to get an XssMatchSet.
1250
+ # @note When making an API call, pass GetXssMatchSetRequest
1251
+ # data as a hash:
1252
+ #
1253
+ # {
1254
+ # xss_match_set_id: "ResourceId", # required
1255
+ # }
1256
+ # @!attribute [rw] xss_match_set_id
1257
+ # The `XssMatchSetId` of the XssMatchSet that you want to get.
1258
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
1259
+ # ListXssMatchSets.
1260
+ # @return [String]
1261
+ class GetXssMatchSetRequest < Struct.new(
1262
+ :xss_match_set_id)
1263
+ include Aws::Structure
1264
+ end
1265
+
1266
+ # The response to a GetXssMatchSet request.
1267
+ # @!attribute [rw] xss_match_set
1268
+ # Information about the XssMatchSet that you specified in the
1269
+ # `GetXssMatchSet` request. For more information, see the following
1270
+ # topics:
1271
+ #
1272
+ # * XssMatchSet: Contains `Name`, `XssMatchSetId`, and an array of
1273
+ # `XssMatchTuple` objects
1274
+ #
1275
+ # * XssMatchTuple: Each `XssMatchTuple` object contains `FieldToMatch`
1276
+ # and `TextTransformation`
1277
+ #
1278
+ # * FieldToMatch: Contains `Data` and `Type`
1279
+ # @return [Types::XssMatchSet]
1280
+ class GetXssMatchSetResponse < Struct.new(
1281
+ :xss_match_set)
1282
+ include Aws::Structure
1283
+ end
1284
+
1285
+ # The response from a GetSampledRequests request includes an
1286
+ # `HTTPHeader` complex type that appears as `Headers` in the response
1287
+ # syntax. `HTTPHeader` contains the names and values of all of the
1288
+ # headers that appear in one of the web requests that were returned by
1289
+ # `GetSampledRequests`.
1290
+ # @!attribute [rw] name
1291
+ # The name of one of the headers in the sampled web request.
1292
+ # @return [String]
1293
+ #
1294
+ # @!attribute [rw] value
1295
+ # The value of one of the headers in the sampled web request.
1296
+ # @return [String]
1297
+ class HTTPHeader < Struct.new(
1298
+ :name,
1299
+ :value)
1300
+ include Aws::Structure
1301
+ end
1302
+
1303
+ # The response from a GetSampledRequests request includes an
1304
+ # `HTTPRequest` complex type that appears as `Request` in the response
1305
+ # syntax. `HTTPRequest` contains information about one of the web
1306
+ # requests that were returned by `GetSampledRequests`.
1307
+ # @!attribute [rw] client_ip
1308
+ # The IP address that the request originated from. If the `WebACL` is
1309
+ # associated with a CloudFront distribution, this is the value of one
1310
+ # of the following fields in CloudFront access logs:
1311
+ #
1312
+ # * `c-ip`, if the viewer did not use an HTTP proxy or a load balancer
1313
+ # to send the request
1314
+ #
1315
+ # * `x-forwarded-for`, if the viewer did use an HTTP proxy or a load
1316
+ # balancer to send the request
1317
+ # @return [String]
1318
+ #
1319
+ # @!attribute [rw] country
1320
+ # The two-letter country code for the country that the request
1321
+ # originated from. For a current list of country codes, see the
1322
+ # Wikipedia entry [ISO 3166-1 alpha-2][1].
1323
+ #
1324
+ #
1325
+ #
1326
+ # [1]: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
1327
+ # @return [String]
1328
+ #
1329
+ # @!attribute [rw] uri
1330
+ # The part of a web request that identifies the resource, for example,
1331
+ # `/images/daily-ad.jpg`.
1332
+ # @return [String]
1333
+ #
1334
+ # @!attribute [rw] method
1335
+ # The HTTP method specified in the sampled web request. CloudFront
1336
+ # supports the following methods: `DELETE`, `GET`, `HEAD`, `OPTIONS`,
1337
+ # `PATCH`, `POST`, and `PUT`.
1338
+ # @return [String]
1339
+ #
1340
+ # @!attribute [rw] http_version
1341
+ # The HTTP version specified in the sampled web request, for example,
1342
+ # `HTTP/1.1`.
1343
+ # @return [String]
1344
+ #
1345
+ # @!attribute [rw] headers
1346
+ # A complex type that contains two values for each header in the
1347
+ # sampled web request: the name of the header and the value of the
1348
+ # header.
1349
+ # @return [Array<Types::HTTPHeader>]
1350
+ class HTTPRequest < Struct.new(
1351
+ :client_ip,
1352
+ :country,
1353
+ :uri,
1354
+ :method,
1355
+ :http_version,
1356
+ :headers)
1357
+ include Aws::Structure
1358
+ end
1359
+
1360
+ # Contains one or more IP addresses or blocks of IP addresses specified
1361
+ # in Classless Inter-Domain Routing (CIDR) notation. To specify an
1362
+ # individual IP address, you specify the four-part IP address followed
1363
+ # by a `/32`, for example, 192.0.2.0/31. To block a range of IP
1364
+ # addresses, you can specify a `/24`, a `/16`, or a `/8` CIDR. For more
1365
+ # information about CIDR notation, perform an Internet search on `cidr
1366
+ # notation`.
1367
+ # @!attribute [rw] ip_set_id
1368
+ # The `IPSetId` for an `IPSet`. You use `IPSetId` to get information
1369
+ # about an `IPSet` (see GetIPSet), update an `IPSet` (see
1370
+ # UpdateIPSet), insert an `IPSet` into a `Rule` or delete one from a
1371
+ # `Rule` (see UpdateRule), and delete an `IPSet` from AWS WAF (see
1372
+ # DeleteIPSet).
1373
+ #
1374
+ # `IPSetId` is returned by CreateIPSet and by ListIPSets.
1375
+ # @return [String]
1376
+ #
1377
+ # @!attribute [rw] name
1378
+ # A friendly name or description of the IPSet. You can't change the
1379
+ # name of an `IPSet` after you create it.
1380
+ # @return [String]
1381
+ #
1382
+ # @!attribute [rw] ip_set_descriptors
1383
+ # The IP address type (`IPV4`) and the IP address range (in CIDR
1384
+ # notation) that web requests originate from. If the `WebACL` is
1385
+ # associated with a CloudFront distribution, this is the value of one
1386
+ # of the following fields in CloudFront access logs:
1387
+ #
1388
+ # * `c-ip`, if the viewer did not use an HTTP proxy or a load balancer
1389
+ # to send the request
1390
+ #
1391
+ # * `x-forwarded-for`, if the viewer did use an HTTP proxy or a load
1392
+ # balancer to send the request
1393
+ # @return [Array<Types::IPSetDescriptor>]
1394
+ class IPSet < Struct.new(
1395
+ :ip_set_id,
1396
+ :name,
1397
+ :ip_set_descriptors)
1398
+ include Aws::Structure
1399
+ end
1400
+
1401
+ # Specifies the IP address type (`IPV4`) and the IP address range (in
1402
+ # CIDR format) that web requests originate from.
1403
+ # @note When making an API call, pass IPSetDescriptor
1404
+ # data as a hash:
1405
+ #
1406
+ # {
1407
+ # type: "IPV4", # required, accepts IPV4, IPV6
1408
+ # value: "IPSetDescriptorValue", # required
1409
+ # }
1410
+ # @!attribute [rw] type
1411
+ # Specify `IPV4`.
1412
+ # @return [String]
1413
+ #
1414
+ # @!attribute [rw] value
1415
+ # Specify an IPv4 address by using CIDR notation. For example:
1416
+ #
1417
+ # * To configure AWS WAF to allow, block, or count requests that
1418
+ # originated from the IP address 192.0.2.44, specify
1419
+ # `192.0.2.44/32`.
1420
+ #
1421
+ # * To configure AWS WAF to allow, block, or count requests that
1422
+ # originated from IP addresses from 192.0.2.0 to 192.0.2.255,
1423
+ # specify `192.0.2.0/24`.
1424
+ #
1425
+ # AWS WAF supports only /8, /16, /24, and /32 IP addresses.
1426
+ #
1427
+ # For more information about CIDR notation, see the Wikipedia entry
1428
+ # [Classless Inter-Domain Routing][1].
1429
+ #
1430
+ #
1431
+ #
1432
+ # [1]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
1433
+ # @return [String]
1434
+ class IPSetDescriptor < Struct.new(
1435
+ :type,
1436
+ :value)
1437
+ include Aws::Structure
1438
+ end
1439
+
1440
+ # Contains the identifier and the name of the `IPSet`.
1441
+ # @!attribute [rw] ip_set_id
1442
+ # The `IPSetId` for an IPSet. You can use `IPSetId` in a GetIPSet
1443
+ # request to get detailed information about an IPSet.
1444
+ # @return [String]
1445
+ #
1446
+ # @!attribute [rw] name
1447
+ # A friendly name or description of the IPSet. You can't change the
1448
+ # name of an `IPSet` after you create it.
1449
+ # @return [String]
1450
+ class IPSetSummary < Struct.new(
1451
+ :ip_set_id,
1452
+ :name)
1453
+ include Aws::Structure
1454
+ end
1455
+
1456
+ # Specifies the type of update to perform to an IPSet with UpdateIPSet.
1457
+ # @note When making an API call, pass IPSetUpdate
1458
+ # data as a hash:
1459
+ #
1460
+ # {
1461
+ # action: "INSERT", # required, accepts INSERT, DELETE
1462
+ # ip_set_descriptor: { # required
1463
+ # type: "IPV4", # required, accepts IPV4, IPV6
1464
+ # value: "IPSetDescriptorValue", # required
1465
+ # },
1466
+ # }
1467
+ # @!attribute [rw] action
1468
+ # Specifies whether to insert or delete an IP address with
1469
+ # UpdateIPSet.
1470
+ # @return [String]
1471
+ #
1472
+ # @!attribute [rw] ip_set_descriptor
1473
+ # The IP address type (`IPV4`) and the IP address range (in CIDR
1474
+ # notation) that web requests originate from.
1475
+ # @return [Types::IPSetDescriptor]
1476
+ class IPSetUpdate < Struct.new(
1477
+ :action,
1478
+ :ip_set_descriptor)
1479
+ include Aws::Structure
1480
+ end
1481
+
1482
+ # @note When making an API call, pass ListByteMatchSetsRequest
1483
+ # data as a hash:
1484
+ #
1485
+ # {
1486
+ # next_marker: "NextMarker",
1487
+ # limit: 1,
1488
+ # }
1489
+ # @!attribute [rw] next_marker
1490
+ # If you specify a value for `Limit` and you have more `ByteMatchSets`
1491
+ # than the value of `Limit`, AWS WAF returns a `NextMarker` value in
1492
+ # the response that allows you to list another group of
1493
+ # `ByteMatchSets`. For the second and subsequent `ListByteMatchSets`
1494
+ # requests, specify the value of `NextMarker` from the previous
1495
+ # response to get information about another batch of `ByteMatchSets`.
1496
+ # @return [String]
1497
+ #
1498
+ # @!attribute [rw] limit
1499
+ # Specifies the number of `ByteMatchSet` objects that you want AWS WAF
1500
+ # to return for this request. If you have more `ByteMatchSets` objects
1501
+ # than the number you specify for `Limit`, the response includes a
1502
+ # `NextMarker` value that you can use to get another batch of
1503
+ # `ByteMatchSet` objects.
1504
+ # @return [Integer]
1505
+ class ListByteMatchSetsRequest < Struct.new(
1506
+ :next_marker,
1507
+ :limit)
1508
+ include Aws::Structure
1509
+ end
1510
+
1511
+ # @!attribute [rw] next_marker
1512
+ # If you have more `ByteMatchSet` objects than the number that you
1513
+ # specified for `Limit` in the request, the response includes a
1514
+ # `NextMarker` value. To list more `ByteMatchSet` objects, submit
1515
+ # another `ListByteMatchSets` request, and specify the `NextMarker`
1516
+ # value from the response in the `NextMarker` value in the next
1517
+ # request.
1518
+ # @return [String]
1519
+ #
1520
+ # @!attribute [rw] byte_match_sets
1521
+ # An array of ByteMatchSetSummary objects.
1522
+ # @return [Array<Types::ByteMatchSetSummary>]
1523
+ class ListByteMatchSetsResponse < Struct.new(
1524
+ :next_marker,
1525
+ :byte_match_sets)
1526
+ include Aws::Structure
1527
+ end
1528
+
1529
+ # @note When making an API call, pass ListIPSetsRequest
1530
+ # data as a hash:
1531
+ #
1532
+ # {
1533
+ # next_marker: "NextMarker",
1534
+ # limit: 1,
1535
+ # }
1536
+ # @!attribute [rw] next_marker
1537
+ # If you specify a value for `Limit` and you have more `IPSets` than
1538
+ # the value of `Limit`, AWS WAF returns a `NextMarker` value in the
1539
+ # response that allows you to list another group of `IPSets`. For the
1540
+ # second and subsequent `ListIPSets` requests, specify the value of
1541
+ # `NextMarker` from the previous response to get information about
1542
+ # another batch of `ByteMatchSets`.
1543
+ # @return [String]
1544
+ #
1545
+ # @!attribute [rw] limit
1546
+ # Specifies the number of `IPSet` objects that you want AWS WAF to
1547
+ # return for this request. If you have more `IPSet` objects than the
1548
+ # number you specify for `Limit`, the response includes a `NextMarker`
1549
+ # value that you can use to get another batch of `IPSet` objects.
1550
+ # @return [Integer]
1551
+ class ListIPSetsRequest < Struct.new(
1552
+ :next_marker,
1553
+ :limit)
1554
+ include Aws::Structure
1555
+ end
1556
+
1557
+ # @!attribute [rw] next_marker
1558
+ # If you have more `IPSet` objects than the number that you specified
1559
+ # for `Limit` in the request, the response includes a `NextMarker`
1560
+ # value. To list more `IPSet` objects, submit another `ListIPSets`
1561
+ # request, and specify the `NextMarker` value from the response in the
1562
+ # `NextMarker` value in the next request.
1563
+ # @return [String]
1564
+ #
1565
+ # @!attribute [rw] ip_sets
1566
+ # An array of IPSetSummary objects.
1567
+ # @return [Array<Types::IPSetSummary>]
1568
+ class ListIPSetsResponse < Struct.new(
1569
+ :next_marker,
1570
+ :ip_sets)
1571
+ include Aws::Structure
1572
+ end
1573
+
1574
+ # @note When making an API call, pass ListRulesRequest
1575
+ # data as a hash:
1576
+ #
1577
+ # {
1578
+ # next_marker: "NextMarker",
1579
+ # limit: 1,
1580
+ # }
1581
+ # @!attribute [rw] next_marker
1582
+ # If you specify a value for `Limit` and you have more `Rules` than
1583
+ # the value of `Limit`, AWS WAF returns a `NextMarker` value in the
1584
+ # response that allows you to list another group of `Rules`. For the
1585
+ # second and subsequent `ListRules` requests, specify the value of
1586
+ # `NextMarker` from the previous response to get information about
1587
+ # another batch of `Rules`.
1588
+ # @return [String]
1589
+ #
1590
+ # @!attribute [rw] limit
1591
+ # Specifies the number of `Rules` that you want AWS WAF to return for
1592
+ # this request. If you have more `Rules` than the number that you
1593
+ # specify for `Limit`, the response includes a `NextMarker` value that
1594
+ # you can use to get another batch of `Rules`.
1595
+ # @return [Integer]
1596
+ class ListRulesRequest < Struct.new(
1597
+ :next_marker,
1598
+ :limit)
1599
+ include Aws::Structure
1600
+ end
1601
+
1602
+ # @!attribute [rw] next_marker
1603
+ # If you have more `Rules` than the number that you specified for
1604
+ # `Limit` in the request, the response includes a `NextMarker` value.
1605
+ # To list more `Rules`, submit another `ListRules` request, and
1606
+ # specify the `NextMarker` value from the response in the `NextMarker`
1607
+ # value in the next request.
1608
+ # @return [String]
1609
+ #
1610
+ # @!attribute [rw] rules
1611
+ # An array of RuleSummary objects.
1612
+ # @return [Array<Types::RuleSummary>]
1613
+ class ListRulesResponse < Struct.new(
1614
+ :next_marker,
1615
+ :rules)
1616
+ include Aws::Structure
1617
+ end
1618
+
1619
+ # @note When making an API call, pass ListSizeConstraintSetsRequest
1620
+ # data as a hash:
1621
+ #
1622
+ # {
1623
+ # next_marker: "NextMarker",
1624
+ # limit: 1,
1625
+ # }
1626
+ # @!attribute [rw] next_marker
1627
+ # If you specify a value for `Limit` and you have more
1628
+ # `SizeConstraintSets` than the value of `Limit`, AWS WAF returns a
1629
+ # `NextMarker` value in the response that allows you to list another
1630
+ # group of `SizeConstraintSets`. For the second and subsequent
1631
+ # `ListSizeConstraintSets` requests, specify the value of `NextMarker`
1632
+ # from the previous response to get information about another batch of
1633
+ # `SizeConstraintSets`.
1634
+ # @return [String]
1635
+ #
1636
+ # @!attribute [rw] limit
1637
+ # Specifies the number of `SizeConstraintSet` objects that you want
1638
+ # AWS WAF to return for this request. If you have more
1639
+ # `SizeConstraintSets` objects than the number you specify for
1640
+ # `Limit`, the response includes a `NextMarker` value that you can use
1641
+ # to get another batch of `SizeConstraintSet` objects.
1642
+ # @return [Integer]
1643
+ class ListSizeConstraintSetsRequest < Struct.new(
1644
+ :next_marker,
1645
+ :limit)
1646
+ include Aws::Structure
1647
+ end
1648
+
1649
+ # @!attribute [rw] next_marker
1650
+ # If you have more `SizeConstraintSet` objects than the number that
1651
+ # you specified for `Limit` in the request, the response includes a
1652
+ # `NextMarker` value. To list more `SizeConstraintSet` objects, submit
1653
+ # another `ListSizeConstraintSets` request, and specify the
1654
+ # `NextMarker` value from the response in the `NextMarker` value in
1655
+ # the next request.
1656
+ # @return [String]
1657
+ #
1658
+ # @!attribute [rw] size_constraint_sets
1659
+ # An array of SizeConstraintSetSummary objects.
1660
+ # @return [Array<Types::SizeConstraintSetSummary>]
1661
+ class ListSizeConstraintSetsResponse < Struct.new(
1662
+ :next_marker,
1663
+ :size_constraint_sets)
1664
+ include Aws::Structure
1665
+ end
1666
+
1667
+ # A request to list the SqlInjectionMatchSet objects created by the
1668
+ # current AWS account.
1669
+ # @note When making an API call, pass ListSqlInjectionMatchSetsRequest
1670
+ # data as a hash:
1671
+ #
1672
+ # {
1673
+ # next_marker: "NextMarker",
1674
+ # limit: 1,
1675
+ # }
1676
+ # @!attribute [rw] next_marker
1677
+ # If you specify a value for `Limit` and you have more
1678
+ # SqlInjectionMatchSet objects than the value of `Limit`, AWS WAF
1679
+ # returns a `NextMarker` value in the response that allows you to list
1680
+ # another group of `SqlInjectionMatchSets`. For the second and
1681
+ # subsequent `ListSqlInjectionMatchSets` requests, specify the value
1682
+ # of `NextMarker` from the previous response to get information about
1683
+ # another batch of `SqlInjectionMatchSets`.
1684
+ # @return [String]
1685
+ #
1686
+ # @!attribute [rw] limit
1687
+ # Specifies the number of SqlInjectionMatchSet objects that you want
1688
+ # AWS WAF to return for this request. If you have more
1689
+ # `SqlInjectionMatchSet` objects than the number you specify for
1690
+ # `Limit`, the response includes a `NextMarker` value that you can use
1691
+ # to get another batch of `Rules`.
1692
+ # @return [Integer]
1693
+ class ListSqlInjectionMatchSetsRequest < Struct.new(
1694
+ :next_marker,
1695
+ :limit)
1696
+ include Aws::Structure
1697
+ end
1698
+
1699
+ # The response to a ListSqlInjectionMatchSets request.
1700
+ # @!attribute [rw] next_marker
1701
+ # If you have more SqlInjectionMatchSet objects than the number that
1702
+ # you specified for `Limit` in the request, the response includes a
1703
+ # `NextMarker` value. To list more `SqlInjectionMatchSet` objects,
1704
+ # submit another `ListSqlInjectionMatchSets` request, and specify the
1705
+ # `NextMarker` value from the response in the `NextMarker` value in
1706
+ # the next request.
1707
+ # @return [String]
1708
+ #
1709
+ # @!attribute [rw] sql_injection_match_sets
1710
+ # An array of SqlInjectionMatchSetSummary objects.
1711
+ # @return [Array<Types::SqlInjectionMatchSetSummary>]
1712
+ class ListSqlInjectionMatchSetsResponse < Struct.new(
1713
+ :next_marker,
1714
+ :sql_injection_match_sets)
1715
+ include Aws::Structure
1716
+ end
1717
+
1718
+ # @note When making an API call, pass ListWebACLsRequest
1719
+ # data as a hash:
1720
+ #
1721
+ # {
1722
+ # next_marker: "NextMarker",
1723
+ # limit: 1,
1724
+ # }
1725
+ # @!attribute [rw] next_marker
1726
+ # If you specify a value for `Limit` and you have more `WebACL`
1727
+ # objects than the number that you specify for `Limit`, AWS WAF
1728
+ # returns a `NextMarker` value in the response that allows you to list
1729
+ # another group of `WebACL` objects. For the second and subsequent
1730
+ # `ListWebACLs` requests, specify the value of `NextMarker` from the
1731
+ # previous response to get information about another batch of `WebACL`
1732
+ # objects.
1733
+ # @return [String]
1734
+ #
1735
+ # @!attribute [rw] limit
1736
+ # Specifies the number of `WebACL` objects that you want AWS WAF to
1737
+ # return for this request. If you have more `WebACL` objects than the
1738
+ # number that you specify for `Limit`, the response includes a
1739
+ # `NextMarker` value that you can use to get another batch of `WebACL`
1740
+ # objects.
1741
+ # @return [Integer]
1742
+ class ListWebACLsRequest < Struct.new(
1743
+ :next_marker,
1744
+ :limit)
1745
+ include Aws::Structure
1746
+ end
1747
+
1748
+ # @!attribute [rw] next_marker
1749
+ # If you have more `WebACL` objects than the number that you specified
1750
+ # for `Limit` in the request, the response includes a `NextMarker`
1751
+ # value. To list more `WebACL` objects, submit another `ListWebACLs`
1752
+ # request, and specify the `NextMarker` value from the response in the
1753
+ # `NextMarker` value in the next request.
1754
+ # @return [String]
1755
+ #
1756
+ # @!attribute [rw] web_acls
1757
+ # An array of WebACLSummary objects.
1758
+ # @return [Array<Types::WebACLSummary>]
1759
+ class ListWebACLsResponse < Struct.new(
1760
+ :next_marker,
1761
+ :web_acls)
1762
+ include Aws::Structure
1763
+ end
1764
+
1765
+ # A request to list the XssMatchSet objects created by the current AWS
1766
+ # account.
1767
+ # @note When making an API call, pass ListXssMatchSetsRequest
1768
+ # data as a hash:
1769
+ #
1770
+ # {
1771
+ # next_marker: "NextMarker",
1772
+ # limit: 1,
1773
+ # }
1774
+ # @!attribute [rw] next_marker
1775
+ # If you specify a value for `Limit` and you have more XssMatchSet
1776
+ # objects than the value of `Limit`, AWS WAF returns a `NextMarker`
1777
+ # value in the response that allows you to list another group of
1778
+ # `XssMatchSets`. For the second and subsequent `ListXssMatchSets`
1779
+ # requests, specify the value of `NextMarker` from the previous
1780
+ # response to get information about another batch of `XssMatchSets`.
1781
+ # @return [String]
1782
+ #
1783
+ # @!attribute [rw] limit
1784
+ # Specifies the number of XssMatchSet objects that you want AWS WAF to
1785
+ # return for this request. If you have more `XssMatchSet` objects than
1786
+ # the number you specify for `Limit`, the response includes a
1787
+ # `NextMarker` value that you can use to get another batch of `Rules`.
1788
+ # @return [Integer]
1789
+ class ListXssMatchSetsRequest < Struct.new(
1790
+ :next_marker,
1791
+ :limit)
1792
+ include Aws::Structure
1793
+ end
1794
+
1795
+ # The response to a ListXssMatchSets request.
1796
+ # @!attribute [rw] next_marker
1797
+ # If you have more XssMatchSet objects than the number that you
1798
+ # specified for `Limit` in the request, the response includes a
1799
+ # `NextMarker` value. To list more `XssMatchSet` objects, submit
1800
+ # another `ListXssMatchSets` request, and specify the `NextMarker`
1801
+ # value from the response in the `NextMarker` value in the next
1802
+ # request.
1803
+ # @return [String]
1804
+ #
1805
+ # @!attribute [rw] xss_match_sets
1806
+ # An array of XssMatchSetSummary objects.
1807
+ # @return [Array<Types::XssMatchSetSummary>]
1808
+ class ListXssMatchSetsResponse < Struct.new(
1809
+ :next_marker,
1810
+ :xss_match_sets)
1811
+ include Aws::Structure
1812
+ end
1813
+
1814
+ # Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet,
1815
+ # and SizeConstraintSet objects that you want to add to a `Rule` and,
1816
+ # for each object, indicates whether you want to negate the settings,
1817
+ # for example, requests that do NOT originate from the IP address
1818
+ # 192.0.2.44.
1819
+ # @note When making an API call, pass Predicate
1820
+ # data as a hash:
1821
+ #
1822
+ # {
1823
+ # negated: false, # required
1824
+ # type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
1825
+ # data_id: "ResourceId", # required
1826
+ # }
1827
+ # @!attribute [rw] negated
1828
+ # Set `Negated` to `False` if you want AWS WAF to allow, block, or
1829
+ # count requests based on the settings in the specified ByteMatchSet,
1830
+ # IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For
1831
+ # example, if an `IPSet` includes the IP address `192.0.2.44`, AWS WAF
1832
+ # will allow or block requests based on that IP address.
1833
+ #
1834
+ # Set `Negated` to `True` if you want AWS WAF to allow or block a
1835
+ # request based on the negation of the settings in the ByteMatchSet,
1836
+ # IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For
1837
+ # example, if an `IPSet` includes the IP address `192.0.2.44`, AWS WAF
1838
+ # will allow, block, or count requests based on all IP addresses
1839
+ # *except* `192.0.2.44`.
1840
+ # @return [Boolean]
1841
+ #
1842
+ # @!attribute [rw] type
1843
+ # The type of predicate in a `Rule`, such as `ByteMatchSet` or
1844
+ # `IPSet`.
1845
+ # @return [String]
1846
+ #
1847
+ # @!attribute [rw] data_id
1848
+ # A unique identifier for a predicate in a `Rule`, such as
1849
+ # `ByteMatchSetId` or `IPSetId`. The ID is returned by the
1850
+ # corresponding `Create` or `List` command.
1851
+ # @return [String]
1852
+ class Predicate < Struct.new(
1853
+ :negated,
1854
+ :type,
1855
+ :data_id)
1856
+ include Aws::Structure
1857
+ end
1858
+
1859
+ # A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet
1860
+ # objects that identify the web requests that you want to allow, block,
1861
+ # or count. For example, you might create a `Rule` that includes the
1862
+ # following predicates:
1863
+ #
1864
+ # * An `IPSet` that causes AWS WAF to search for web requests that
1865
+ # originate from the IP address `192.0.2.44`
1866
+ #
1867
+ # * A `ByteMatchSet` that causes AWS WAF to search for web requests for
1868
+ # which the value of the `User-Agent` header is `BadBot`.
1869
+ #
1870
+ # To match the settings in this `Rule`, a request must originate from
1871
+ # `192.0.2.44` AND include a `User-Agent` header for which the value is
1872
+ # `BadBot`.
1873
+ # @!attribute [rw] rule_id
1874
+ # A unique identifier for a `Rule`. You use `RuleId` to get more
1875
+ # information about a `Rule` (see GetRule), update a `Rule` (see
1876
+ # UpdateRule), insert a `Rule` into a `WebACL` or delete a one from a
1877
+ # `WebACL` (see UpdateWebACL), or delete a `Rule` from AWS WAF (see
1878
+ # DeleteRule).
1879
+ #
1880
+ # `RuleId` is returned by CreateRule and by ListRules.
1881
+ # @return [String]
1882
+ #
1883
+ # @!attribute [rw] name
1884
+ # The friendly name or description for the `Rule`. You can't change
1885
+ # the name of a `Rule` after you create it.
1886
+ # @return [String]
1887
+ #
1888
+ # @!attribute [rw] metric_name
1889
+ # @return [String]
1890
+ #
1891
+ # @!attribute [rw] predicates
1892
+ # The `Predicates` object contains one `Predicate` element for each
1893
+ # ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to
1894
+ # include in a `Rule`.
1895
+ # @return [Array<Types::Predicate>]
1896
+ class Rule < Struct.new(
1897
+ :rule_id,
1898
+ :name,
1899
+ :metric_name,
1900
+ :predicates)
1901
+ include Aws::Structure
1902
+ end
1903
+
1904
+ # Contains the identifier and the friendly name or description of the
1905
+ # `Rule`.
1906
+ # @!attribute [rw] rule_id
1907
+ # A unique identifier for a `Rule`. You use `RuleId` to get more
1908
+ # information about a `Rule` (see GetRule), update a `Rule` (see
1909
+ # UpdateRule), insert a `Rule` into a `WebACL` or delete one from a
1910
+ # `WebACL` (see UpdateWebACL), or delete a `Rule` from AWS WAF (see
1911
+ # DeleteRule).
1912
+ #
1913
+ # `RuleId` is returned by CreateRule and by ListRules.
1914
+ # @return [String]
1915
+ #
1916
+ # @!attribute [rw] name
1917
+ # A friendly name or description of the Rule. You can't change the
1918
+ # name of a `Rule` after you create it.
1919
+ # @return [String]
1920
+ class RuleSummary < Struct.new(
1921
+ :rule_id,
1922
+ :name)
1923
+ include Aws::Structure
1924
+ end
1925
+
1926
+ # Specifies a `Predicate` (such as an `IPSet`) and indicates whether you
1927
+ # want to add it to a `Rule` or delete it from a `Rule`.
1928
+ # @note When making an API call, pass RuleUpdate
1929
+ # data as a hash:
1930
+ #
1931
+ # {
1932
+ # action: "INSERT", # required, accepts INSERT, DELETE
1933
+ # predicate: { # required
1934
+ # negated: false, # required
1935
+ # type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
1936
+ # data_id: "ResourceId", # required
1937
+ # },
1938
+ # }
1939
+ # @!attribute [rw] action
1940
+ # Specify `INSERT` to add a `Predicate` to a `Rule`. Use `DELETE` to
1941
+ # remove a `Predicate` from a `Rule`.
1942
+ # @return [String]
1943
+ #
1944
+ # @!attribute [rw] predicate
1945
+ # The ID of the `Predicate` (such as an `IPSet`) that you want to add
1946
+ # to a `Rule`.
1947
+ # @return [Types::Predicate]
1948
+ class RuleUpdate < Struct.new(
1949
+ :action,
1950
+ :predicate)
1951
+ include Aws::Structure
1952
+ end
1953
+
1954
+ # The response from a GetSampledRequests request includes a
1955
+ # `SampledHTTPRequests` complex type that appears as `SampledRequests`
1956
+ # in the response syntax. `SampledHTTPRequests` contains one
1957
+ # `SampledHTTPRequest` object for each web request that is returned by
1958
+ # `GetSampledRequests`.
1959
+ # @!attribute [rw] request
1960
+ # A complex type that contains detailed information about the request.
1961
+ # @return [Types::HTTPRequest]
1962
+ #
1963
+ # @!attribute [rw] weight
1964
+ # A value that indicates how one result in the response relates
1965
+ # proportionally to other results in the response. A result that has a
1966
+ # weight of `2` represents roughly twice as many CloudFront web
1967
+ # requests as a result that has a weight of `1`.
1968
+ # @return [Integer]
1969
+ #
1970
+ # @!attribute [rw] timestamp
1971
+ # The time at which AWS WAF received the request from your AWS
1972
+ # resource, in Unix time format (in seconds).
1973
+ # @return [Time]
1974
+ #
1975
+ # @!attribute [rw] action
1976
+ # The action for the `Rule` that the request matched: `ALLOW`,
1977
+ # `BLOCK`, or `COUNT`.
1978
+ # @return [String]
1979
+ class SampledHTTPRequest < Struct.new(
1980
+ :request,
1981
+ :weight,
1982
+ :timestamp,
1983
+ :action)
1984
+ include Aws::Structure
1985
+ end
1986
+
1987
+ # Specifies a constraint on the size of a part of the web request. AWS
1988
+ # WAF uses the `Size`, `ComparisonOperator`, and `FieldToMatch` to build
1989
+ # an expression in the form of "`Size` `ComparisonOperator` size in
1990
+ # bytes of `FieldToMatch`". If that expression is true, the
1991
+ # `SizeConstraint` is considered to match.
1992
+ # @note When making an API call, pass SizeConstraint
1993
+ # data as a hash:
1994
+ #
1995
+ # {
1996
+ # field_to_match: { # required
1997
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
1998
+ # data: "MatchFieldData",
1999
+ # },
2000
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2001
+ # comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
2002
+ # size: 1, # required
2003
+ # }
2004
+ # @!attribute [rw] field_to_match
2005
+ # Specifies where in a web request to look for `TargetString`.
2006
+ # @return [Types::FieldToMatch]
2007
+ #
2008
+ # @!attribute [rw] text_transformation
2009
+ # Text transformations eliminate some of the unusual formatting that
2010
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
2011
+ # specify a transformation, AWS WAF performs the transformation on
2012
+ # `FieldToMatch` before inspecting a request for a match.
2013
+ #
2014
+ # Note that if you choose `BODY` for the value of `Type`, you must
2015
+ # choose `NONE` for `TextTransformation` because CloudFront forwards
2016
+ # only the first 8192 bytes for inspection.
2017
+ #
2018
+ # **NONE**
2019
+ #
2020
+ # Specify `NONE` if you don't want to perform any text
2021
+ # transformations.
2022
+ #
2023
+ # **CMD\_LINE**
2024
+ #
2025
+ # When you're concerned that attackers are injecting an operating
2026
+ # system command line command and using unusual formatting to disguise
2027
+ # some or all of the command, use this option to perform the following
2028
+ # transformations:
2029
+ #
2030
+ # * Delete the following characters: \\ " ' ^
2031
+ #
2032
+ # * Delete spaces before the following characters: / (
2033
+ #
2034
+ # * Replace the following characters with a space: , ;
2035
+ #
2036
+ # * Replace multiple spaces with one space
2037
+ #
2038
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
2039
+ #
2040
+ # **COMPRESS\_WHITE\_SPACE**
2041
+ #
2042
+ # Use this option to replace the following characters with a space
2043
+ # character (decimal 32):
2044
+ #
2045
+ # * \\f, formfeed, decimal 12
2046
+ #
2047
+ # * \\t, tab, decimal 9
2048
+ #
2049
+ # * \\n, newline, decimal 10
2050
+ #
2051
+ # * \\r, carriage return, decimal 13
2052
+ #
2053
+ # * \\v, vertical tab, decimal 11
2054
+ #
2055
+ # * non-breaking space, decimal 160
2056
+ #
2057
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
2058
+ #
2059
+ # **HTML\_ENTITY\_DECODE**
2060
+ #
2061
+ # Use this option to replace HTML-encoded characters with unencoded
2062
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
2063
+ #
2064
+ # * Replaces `(ampersand)quot;` with `"`
2065
+ #
2066
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
2067
+ #
2068
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
2069
+ #
2070
+ # * Replaces `(ampersand)gt;` with `>`
2071
+ #
2072
+ # * Replaces characters that are represented in hexadecimal format,
2073
+ # `(ampersand)#xhhhh;`, with the corresponding characters
2074
+ #
2075
+ # * Replaces characters that are represented in decimal format,
2076
+ # `(ampersand)#nnnn;`, with the corresponding characters
2077
+ #
2078
+ # **LOWERCASE**
2079
+ #
2080
+ # Use this option to convert uppercase letters (A-Z) to lowercase
2081
+ # (a-z).
2082
+ #
2083
+ # **URL\_DECODE**
2084
+ #
2085
+ # Use this option to decode a URL-encoded value.
2086
+ # @return [String]
2087
+ #
2088
+ # @!attribute [rw] comparison_operator
2089
+ # The type of comparison you want AWS WAF to perform. AWS WAF uses
2090
+ # this in combination with the provided `Size` and `FieldToMatch` to
2091
+ # build an expression in the form of "`Size` `ComparisonOperator`
2092
+ # size in bytes of `FieldToMatch`". If that expression is true, the
2093
+ # `SizeConstraint` is considered to match.
2094
+ #
2095
+ # **EQ**\: Used to test if the `Size` is equal to the size of the
2096
+ # `FieldToMatch`
2097
+ #
2098
+ # **NE**\: Used to test if the `Size` is not equal to the size of the
2099
+ # `FieldToMatch`
2100
+ #
2101
+ # **LE**\: Used to test if the `Size` is less than or equal to the
2102
+ # size of the `FieldToMatch`
2103
+ #
2104
+ # **LT**\: Used to test if the `Size` is strictly less than the size
2105
+ # of the `FieldToMatch`
2106
+ #
2107
+ # **GE**\: Used to test if the `Size` is greater than or equal to the
2108
+ # size of the `FieldToMatch`
2109
+ #
2110
+ # **GT**\: Used to test if the `Size` is strictly greater than the
2111
+ # size of the `FieldToMatch`
2112
+ # @return [String]
2113
+ #
2114
+ # @!attribute [rw] size
2115
+ # The size in bytes that you want AWS WAF to compare against the size
2116
+ # of the specified `FieldToMatch`. AWS WAF uses this in combination
2117
+ # with `ComparisonOperator` and `FieldToMatch` to build an expression
2118
+ # in the form of "`Size` `ComparisonOperator` size in bytes of
2119
+ # `FieldToMatch`". If that expression is true, the `SizeConstraint`
2120
+ # is considered to match.
2121
+ #
2122
+ # Valid values for size are 0 - 21474836480 bytes (0 - 20 GB).
2123
+ #
2124
+ # If you specify `URI` for the value of `Type`, the / in the URI
2125
+ # counts as one character. For example, the URI `/logo.jpg` is nine
2126
+ # characters long.
2127
+ # @return [Integer]
2128
+ class SizeConstraint < Struct.new(
2129
+ :field_to_match,
2130
+ :text_transformation,
2131
+ :comparison_operator,
2132
+ :size)
2133
+ include Aws::Structure
2134
+ end
2135
+
2136
+ # A complex type that contains `SizeConstraint` objects, which specify
2137
+ # the parts of web requests that you want AWS WAF to inspect the size
2138
+ # of. If a `SizeConstraintSet` contains more than one `SizeConstraint`
2139
+ # object, a request only needs to match one constraint to be considered
2140
+ # a match.
2141
+ # @!attribute [rw] size_constraint_set_id
2142
+ # A unique identifier for a `SizeConstraintSet`. You use
2143
+ # `SizeConstraintSetId` to get information about a `SizeConstraintSet`
2144
+ # (see GetSizeConstraintSet), update a `SizeConstraintSet` (see
2145
+ # UpdateSizeConstraintSet), insert a `SizeConstraintSet` into a `Rule`
2146
+ # or delete one from a `Rule` (see UpdateRule), and delete a
2147
+ # `SizeConstraintSet` from AWS WAF (see DeleteSizeConstraintSet).
2148
+ #
2149
+ # `SizeConstraintSetId` is returned by CreateSizeConstraintSet and by
2150
+ # ListSizeConstraintSets.
2151
+ # @return [String]
2152
+ #
2153
+ # @!attribute [rw] name
2154
+ # The name, if any, of the `SizeConstraintSet`.
2155
+ # @return [String]
2156
+ #
2157
+ # @!attribute [rw] size_constraints
2158
+ # Specifies the parts of web requests that you want to inspect the
2159
+ # size of.
2160
+ # @return [Array<Types::SizeConstraint>]
2161
+ class SizeConstraintSet < Struct.new(
2162
+ :size_constraint_set_id,
2163
+ :name,
2164
+ :size_constraints)
2165
+ include Aws::Structure
2166
+ end
2167
+
2168
+ # The `Id` and `Name` of a `SizeConstraintSet`.
2169
+ # @!attribute [rw] size_constraint_set_id
2170
+ # A unique identifier for a `SizeConstraintSet`. You use
2171
+ # `SizeConstraintSetId` to get information about a `SizeConstraintSet`
2172
+ # (see GetSizeConstraintSet), update a `SizeConstraintSet` (see
2173
+ # UpdateSizeConstraintSet), insert a `SizeConstraintSet` into a `Rule`
2174
+ # or delete one from a `Rule` (see UpdateRule), and delete a
2175
+ # `SizeConstraintSet` from AWS WAF (see DeleteSizeConstraintSet).
2176
+ #
2177
+ # `SizeConstraintSetId` is returned by CreateSizeConstraintSet and by
2178
+ # ListSizeConstraintSets.
2179
+ # @return [String]
2180
+ #
2181
+ # @!attribute [rw] name
2182
+ # The name of the `SizeConstraintSet`, if any.
2183
+ # @return [String]
2184
+ class SizeConstraintSetSummary < Struct.new(
2185
+ :size_constraint_set_id,
2186
+ :name)
2187
+ include Aws::Structure
2188
+ end
2189
+
2190
+ # Specifies the part of a web request that you want to inspect the size
2191
+ # of and indicates whether you want to add the specification to a
2192
+ # SizeConstraintSet or delete it from a `SizeConstraintSet`.
2193
+ # @note When making an API call, pass SizeConstraintSetUpdate
2194
+ # data as a hash:
2195
+ #
2196
+ # {
2197
+ # action: "INSERT", # required, accepts INSERT, DELETE
2198
+ # size_constraint: { # required
2199
+ # field_to_match: { # required
2200
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2201
+ # data: "MatchFieldData",
2202
+ # },
2203
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2204
+ # comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
2205
+ # size: 1, # required
2206
+ # },
2207
+ # }
2208
+ # @!attribute [rw] action
2209
+ # Specify `INSERT` to add a SizeConstraintSetUpdate to a
2210
+ # SizeConstraintSet. Use `DELETE` to remove a
2211
+ # `SizeConstraintSetUpdate` from a `SizeConstraintSet`.
2212
+ # @return [String]
2213
+ #
2214
+ # @!attribute [rw] size_constraint
2215
+ # Specifies a constraint on the size of a part of the web request. AWS
2216
+ # WAF uses the `Size`, `ComparisonOperator`, and `FieldToMatch` to
2217
+ # build an expression in the form of "`Size` `ComparisonOperator`
2218
+ # size in bytes of `FieldToMatch`". If that expression is true, the
2219
+ # `SizeConstraint` is considered to match.
2220
+ # @return [Types::SizeConstraint]
2221
+ class SizeConstraintSetUpdate < Struct.new(
2222
+ :action,
2223
+ :size_constraint)
2224
+ include Aws::Structure
2225
+ end
2226
+
2227
+ # A complex type that contains `SqlInjectionMatchTuple` objects, which
2228
+ # specify the parts of web requests that you want AWS WAF to inspect for
2229
+ # snippets of malicious SQL code and, if you want AWS WAF to inspect a
2230
+ # header, the name of the header. If a `SqlInjectionMatchSet` contains
2231
+ # more than one `SqlInjectionMatchTuple` object, a request needs to
2232
+ # include snippets of SQL code in only one of the specified parts of the
2233
+ # request to be considered a match.
2234
+ # @!attribute [rw] sql_injection_match_set_id
2235
+ # A unique identifier for a `SqlInjectionMatchSet`. You use
2236
+ # `SqlInjectionMatchSetId` to get information about a
2237
+ # `SqlInjectionMatchSet` (see GetSqlInjectionMatchSet), update a
2238
+ # `SqlInjectionMatchSet` (see UpdateSqlInjectionMatchSet), insert a
2239
+ # `SqlInjectionMatchSet` into a `Rule` or delete one from a `Rule`
2240
+ # (see UpdateRule), and delete a `SqlInjectionMatchSet` from AWS WAF
2241
+ # (see DeleteSqlInjectionMatchSet).
2242
+ #
2243
+ # `SqlInjectionMatchSetId` is returned by CreateSqlInjectionMatchSet
2244
+ # and by ListSqlInjectionMatchSets.
2245
+ # @return [String]
2246
+ #
2247
+ # @!attribute [rw] name
2248
+ # The name, if any, of the `SqlInjectionMatchSet`.
2249
+ # @return [String]
2250
+ #
2251
+ # @!attribute [rw] sql_injection_match_tuples
2252
+ # Specifies the parts of web requests that you want to inspect for
2253
+ # snippets of malicious SQL code.
2254
+ # @return [Array<Types::SqlInjectionMatchTuple>]
2255
+ class SqlInjectionMatchSet < Struct.new(
2256
+ :sql_injection_match_set_id,
2257
+ :name,
2258
+ :sql_injection_match_tuples)
2259
+ include Aws::Structure
2260
+ end
2261
+
2262
+ # The `Id` and `Name` of a `SqlInjectionMatchSet`.
2263
+ # @!attribute [rw] sql_injection_match_set_id
2264
+ # A unique identifier for a `SqlInjectionMatchSet`. You use
2265
+ # `SqlInjectionMatchSetId` to get information about a
2266
+ # `SqlInjectionMatchSet` (see GetSqlInjectionMatchSet), update a
2267
+ # `SqlInjectionMatchSet` (see UpdateSqlInjectionMatchSet), insert a
2268
+ # `SqlInjectionMatchSet` into a `Rule` or delete one from a `Rule`
2269
+ # (see UpdateRule), and delete a `SqlInjectionMatchSet` from AWS WAF
2270
+ # (see DeleteSqlInjectionMatchSet).
2271
+ #
2272
+ # `SqlInjectionMatchSetId` is returned by CreateSqlInjectionMatchSet
2273
+ # and by ListSqlInjectionMatchSets.
2274
+ # @return [String]
2275
+ #
2276
+ # @!attribute [rw] name
2277
+ # The name of the `SqlInjectionMatchSet`, if any, specified by `Id`.
2278
+ # @return [String]
2279
+ class SqlInjectionMatchSetSummary < Struct.new(
2280
+ :sql_injection_match_set_id,
2281
+ :name)
2282
+ include Aws::Structure
2283
+ end
2284
+
2285
+ # Specifies the part of a web request that you want to inspect for
2286
+ # snippets of malicious SQL code and indicates whether you want to add
2287
+ # the specification to a SqlInjectionMatchSet or delete it from a
2288
+ # `SqlInjectionMatchSet`.
2289
+ # @note When making an API call, pass SqlInjectionMatchSetUpdate
2290
+ # data as a hash:
2291
+ #
2292
+ # {
2293
+ # action: "INSERT", # required, accepts INSERT, DELETE
2294
+ # sql_injection_match_tuple: { # required
2295
+ # field_to_match: { # required
2296
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2297
+ # data: "MatchFieldData",
2298
+ # },
2299
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2300
+ # },
2301
+ # }
2302
+ # @!attribute [rw] action
2303
+ # Specify `INSERT` to add a SqlInjectionMatchSetUpdate to a
2304
+ # SqlInjectionMatchSet. Use `DELETE` to remove a
2305
+ # `SqlInjectionMatchSetUpdate` from a `SqlInjectionMatchSet`.
2306
+ # @return [String]
2307
+ #
2308
+ # @!attribute [rw] sql_injection_match_tuple
2309
+ # Specifies the part of a web request that you want AWS WAF to inspect
2310
+ # for snippets of malicious SQL code and, if you want AWS WAF to
2311
+ # inspect a header, the name of the header.
2312
+ # @return [Types::SqlInjectionMatchTuple]
2313
+ class SqlInjectionMatchSetUpdate < Struct.new(
2314
+ :action,
2315
+ :sql_injection_match_tuple)
2316
+ include Aws::Structure
2317
+ end
2318
+
2319
+ # Specifies the part of a web request that you want AWS WAF to inspect
2320
+ # for snippets of malicious SQL code and, if you want AWS WAF to inspect
2321
+ # a header, the name of the header.
2322
+ # @note When making an API call, pass SqlInjectionMatchTuple
2323
+ # data as a hash:
2324
+ #
2325
+ # {
2326
+ # field_to_match: { # required
2327
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2328
+ # data: "MatchFieldData",
2329
+ # },
2330
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2331
+ # }
2332
+ # @!attribute [rw] field_to_match
2333
+ # Specifies where in a web request to look for `TargetString`.
2334
+ # @return [Types::FieldToMatch]
2335
+ #
2336
+ # @!attribute [rw] text_transformation
2337
+ # Text transformations eliminate some of the unusual formatting that
2338
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
2339
+ # specify a transformation, AWS WAF performs the transformation on
2340
+ # `FieldToMatch` before inspecting a request for a match.
2341
+ #
2342
+ # **CMD\_LINE**
2343
+ #
2344
+ # When you're concerned that attackers are injecting an operating
2345
+ # system commandline command and using unusual formatting to disguise
2346
+ # some or all of the command, use this option to perform the following
2347
+ # transformations:
2348
+ #
2349
+ # * Delete the following characters: \\ " ' ^
2350
+ #
2351
+ # * Delete spaces before the following characters: / (
2352
+ #
2353
+ # * Replace the following characters with a space: , ;
2354
+ #
2355
+ # * Replace multiple spaces with one space
2356
+ #
2357
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
2358
+ #
2359
+ # **COMPRESS\_WHITE\_SPACE**
2360
+ #
2361
+ # Use this option to replace the following characters with a space
2362
+ # character (decimal 32):
2363
+ #
2364
+ # * \\f, formfeed, decimal 12
2365
+ #
2366
+ # * \\t, tab, decimal 9
2367
+ #
2368
+ # * \\n, newline, decimal 10
2369
+ #
2370
+ # * \\r, carriage return, decimal 13
2371
+ #
2372
+ # * \\v, vertical tab, decimal 11
2373
+ #
2374
+ # * non-breaking space, decimal 160
2375
+ #
2376
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
2377
+ #
2378
+ # **HTML\_ENTITY\_DECODE**
2379
+ #
2380
+ # Use this option to replace HTML-encoded characters with unencoded
2381
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
2382
+ #
2383
+ # * Replaces `(ampersand)quot;` with `"`
2384
+ #
2385
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
2386
+ #
2387
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
2388
+ #
2389
+ # * Replaces `(ampersand)gt;` with `>`
2390
+ #
2391
+ # * Replaces characters that are represented in hexadecimal format,
2392
+ # `(ampersand)#xhhhh;`, with the corresponding characters
2393
+ #
2394
+ # * Replaces characters that are represented in decimal format,
2395
+ # `(ampersand)#nnnn;`, with the corresponding characters
2396
+ #
2397
+ # **LOWERCASE**
2398
+ #
2399
+ # Use this option to convert uppercase letters (A-Z) to lowercase
2400
+ # (a-z).
2401
+ #
2402
+ # **URL\_DECODE**
2403
+ #
2404
+ # Use this option to decode a URL-encoded value.
2405
+ #
2406
+ # **NONE**
2407
+ #
2408
+ # Specify `NONE` if you don't want to perform any text
2409
+ # transformations.
2410
+ # @return [String]
2411
+ class SqlInjectionMatchTuple < Struct.new(
2412
+ :field_to_match,
2413
+ :text_transformation)
2414
+ include Aws::Structure
2415
+ end
2416
+
2417
+ # In a GetSampledRequests request, the `StartTime` and `EndTime` objects
2418
+ # specify the time range for which you want AWS WAF to return a sample
2419
+ # of web requests.
2420
+ #
2421
+ # In a GetSampledRequests response, the `StartTime` and `EndTime`
2422
+ # objects specify the time range for which AWS WAF actually returned a
2423
+ # sample of web requests. AWS WAF gets the specified number of requests
2424
+ # from among the first 5,000 requests that your AWS resource receives
2425
+ # during the specified time period. If your resource receives more than
2426
+ # 5,000 requests during that period, AWS WAF stops sampling after the
2427
+ # 5,000th request. In that case, `EndTime` is the time that AWS WAF
2428
+ # received the 5,000th request.
2429
+ # @note When making an API call, pass TimeWindow
2430
+ # data as a hash:
2431
+ #
2432
+ # {
2433
+ # start_time: Time.now, # required
2434
+ # end_time: Time.now, # required
2435
+ # }
2436
+ # @!attribute [rw] start_time
2437
+ # The beginning of the time range from which you want
2438
+ # `GetSampledRequests` to return a sample of the requests that your
2439
+ # AWS resource received. You can specify any time range in the
2440
+ # previous three hours.
2441
+ # @return [Time]
2442
+ #
2443
+ # @!attribute [rw] end_time
2444
+ # The end of the time range from which you want `GetSampledRequests`
2445
+ # to return a sample of the requests that your AWS resource received.
2446
+ # You can specify any time range in the previous three hours.
2447
+ # @return [Time]
2448
+ class TimeWindow < Struct.new(
2449
+ :start_time,
2450
+ :end_time)
2451
+ include Aws::Structure
2452
+ end
2453
+
2454
+ # @note When making an API call, pass UpdateByteMatchSetRequest
2455
+ # data as a hash:
2456
+ #
2457
+ # {
2458
+ # byte_match_set_id: "ResourceId", # required
2459
+ # change_token: "ChangeToken", # required
2460
+ # updates: [ # required
2461
+ # {
2462
+ # action: "INSERT", # required, accepts INSERT, DELETE
2463
+ # byte_match_tuple: { # required
2464
+ # field_to_match: { # required
2465
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2466
+ # data: "MatchFieldData",
2467
+ # },
2468
+ # target_string: "data", # required
2469
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2470
+ # positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
2471
+ # },
2472
+ # },
2473
+ # ],
2474
+ # }
2475
+ # @!attribute [rw] byte_match_set_id
2476
+ # The `ByteMatchSetId` of the ByteMatchSet that you want to update.
2477
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
2478
+ # ListByteMatchSets.
2479
+ # @return [String]
2480
+ #
2481
+ # @!attribute [rw] change_token
2482
+ # The value returned by the most recent call to GetChangeToken.
2483
+ # @return [String]
2484
+ #
2485
+ # @!attribute [rw] updates
2486
+ # An array of `ByteMatchSetUpdate` objects that you want to insert
2487
+ # into or delete from a ByteMatchSet. For more information, see the
2488
+ # applicable data types:
2489
+ #
2490
+ # * ByteMatchSetUpdate: Contains `Action` and `ByteMatchTuple`
2491
+ #
2492
+ # * ByteMatchTuple: Contains `FieldToMatch`, `PositionalConstraint`,
2493
+ # `TargetString`, and `TextTransformation`
2494
+ #
2495
+ # * FieldToMatch: Contains `Data` and `Type`
2496
+ # @return [Array<Types::ByteMatchSetUpdate>]
2497
+ class UpdateByteMatchSetRequest < Struct.new(
2498
+ :byte_match_set_id,
2499
+ :change_token,
2500
+ :updates)
2501
+ include Aws::Structure
2502
+ end
2503
+
2504
+ # @!attribute [rw] change_token
2505
+ # The `ChangeToken` that you used to submit the `UpdateByteMatchSet`
2506
+ # request. You can also use this value to query the status of the
2507
+ # request. For more information, see GetChangeTokenStatus.
2508
+ # @return [String]
2509
+ class UpdateByteMatchSetResponse < Struct.new(
2510
+ :change_token)
2511
+ include Aws::Structure
2512
+ end
2513
+
2514
+ # @note When making an API call, pass UpdateIPSetRequest
2515
+ # data as a hash:
2516
+ #
2517
+ # {
2518
+ # ip_set_id: "ResourceId", # required
2519
+ # change_token: "ChangeToken", # required
2520
+ # updates: [ # required
2521
+ # {
2522
+ # action: "INSERT", # required, accepts INSERT, DELETE
2523
+ # ip_set_descriptor: { # required
2524
+ # type: "IPV4", # required, accepts IPV4, IPV6
2525
+ # value: "IPSetDescriptorValue", # required
2526
+ # },
2527
+ # },
2528
+ # ],
2529
+ # }
2530
+ # @!attribute [rw] ip_set_id
2531
+ # The `IPSetId` of the IPSet that you want to update. `IPSetId` is
2532
+ # returned by CreateIPSet and by ListIPSets.
2533
+ # @return [String]
2534
+ #
2535
+ # @!attribute [rw] change_token
2536
+ # The value returned by the most recent call to GetChangeToken.
2537
+ # @return [String]
2538
+ #
2539
+ # @!attribute [rw] updates
2540
+ # An array of `IPSetUpdate` objects that you want to insert into or
2541
+ # delete from an IPSet. For more information, see the applicable data
2542
+ # types:
2543
+ #
2544
+ # * IPSetUpdate: Contains `Action` and `IPSetDescriptor`
2545
+ #
2546
+ # * IPSetDescriptor: Contains `Type` and `Value`
2547
+ # @return [Array<Types::IPSetUpdate>]
2548
+ class UpdateIPSetRequest < Struct.new(
2549
+ :ip_set_id,
2550
+ :change_token,
2551
+ :updates)
2552
+ include Aws::Structure
2553
+ end
2554
+
2555
+ # @!attribute [rw] change_token
2556
+ # The `ChangeToken` that you used to submit the `UpdateIPSet` request.
2557
+ # You can also use this value to query the status of the request. For
2558
+ # more information, see GetChangeTokenStatus.
2559
+ # @return [String]
2560
+ class UpdateIPSetResponse < Struct.new(
2561
+ :change_token)
2562
+ include Aws::Structure
2563
+ end
2564
+
2565
+ # @note When making an API call, pass UpdateRuleRequest
2566
+ # data as a hash:
2567
+ #
2568
+ # {
2569
+ # rule_id: "ResourceId", # required
2570
+ # change_token: "ChangeToken", # required
2571
+ # updates: [ # required
2572
+ # {
2573
+ # action: "INSERT", # required, accepts INSERT, DELETE
2574
+ # predicate: { # required
2575
+ # negated: false, # required
2576
+ # type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
2577
+ # data_id: "ResourceId", # required
2578
+ # },
2579
+ # },
2580
+ # ],
2581
+ # }
2582
+ # @!attribute [rw] rule_id
2583
+ # The `RuleId` of the `Rule` that you want to update. `RuleId` is
2584
+ # returned by `CreateRule` and by ListRules.
2585
+ # @return [String]
2586
+ #
2587
+ # @!attribute [rw] change_token
2588
+ # The value returned by the most recent call to GetChangeToken.
2589
+ # @return [String]
2590
+ #
2591
+ # @!attribute [rw] updates
2592
+ # An array of `RuleUpdate` objects that you want to insert into or
2593
+ # delete from a Rule. For more information, see the applicable data
2594
+ # types:
2595
+ #
2596
+ # * RuleUpdate: Contains `Action` and `Predicate`
2597
+ #
2598
+ # * Predicate: Contains `DataId`, `Negated`, and `Type`
2599
+ #
2600
+ # * FieldToMatch: Contains `Data` and `Type`
2601
+ # @return [Array<Types::RuleUpdate>]
2602
+ class UpdateRuleRequest < Struct.new(
2603
+ :rule_id,
2604
+ :change_token,
2605
+ :updates)
2606
+ include Aws::Structure
2607
+ end
2608
+
2609
+ # @!attribute [rw] change_token
2610
+ # The `ChangeToken` that you used to submit the `UpdateRule` request.
2611
+ # You can also use this value to query the status of the request. For
2612
+ # more information, see GetChangeTokenStatus.
2613
+ # @return [String]
2614
+ class UpdateRuleResponse < Struct.new(
2615
+ :change_token)
2616
+ include Aws::Structure
2617
+ end
2618
+
2619
+ # @note When making an API call, pass UpdateSizeConstraintSetRequest
2620
+ # data as a hash:
2621
+ #
2622
+ # {
2623
+ # size_constraint_set_id: "ResourceId", # required
2624
+ # change_token: "ChangeToken", # required
2625
+ # updates: [ # required
2626
+ # {
2627
+ # action: "INSERT", # required, accepts INSERT, DELETE
2628
+ # size_constraint: { # required
2629
+ # field_to_match: { # required
2630
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2631
+ # data: "MatchFieldData",
2632
+ # },
2633
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2634
+ # comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
2635
+ # size: 1, # required
2636
+ # },
2637
+ # },
2638
+ # ],
2639
+ # }
2640
+ # @!attribute [rw] size_constraint_set_id
2641
+ # The `SizeConstraintSetId` of the SizeConstraintSet that you want to
2642
+ # update. `SizeConstraintSetId` is returned by CreateSizeConstraintSet
2643
+ # and by ListSizeConstraintSets.
2644
+ # @return [String]
2645
+ #
2646
+ # @!attribute [rw] change_token
2647
+ # The value returned by the most recent call to GetChangeToken.
2648
+ # @return [String]
2649
+ #
2650
+ # @!attribute [rw] updates
2651
+ # An array of `SizeConstraintSetUpdate` objects that you want to
2652
+ # insert into or delete from a SizeConstraintSet. For more
2653
+ # information, see the applicable data types:
2654
+ #
2655
+ # * SizeConstraintSetUpdate: Contains `Action` and `SizeConstraint`
2656
+ #
2657
+ # * SizeConstraint: Contains `FieldToMatch`, `TextTransformation`,
2658
+ # `ComparisonOperator`, and `Size`
2659
+ #
2660
+ # * FieldToMatch: Contains `Data` and `Type`
2661
+ # @return [Array<Types::SizeConstraintSetUpdate>]
2662
+ class UpdateSizeConstraintSetRequest < Struct.new(
2663
+ :size_constraint_set_id,
2664
+ :change_token,
2665
+ :updates)
2666
+ include Aws::Structure
2667
+ end
2668
+
2669
+ # @!attribute [rw] change_token
2670
+ # The `ChangeToken` that you used to submit the
2671
+ # `UpdateSizeConstraintSet` request. You can also use this value to
2672
+ # query the status of the request. For more information, see
2673
+ # GetChangeTokenStatus.
2674
+ # @return [String]
2675
+ class UpdateSizeConstraintSetResponse < Struct.new(
2676
+ :change_token)
2677
+ include Aws::Structure
2678
+ end
2679
+
2680
+ # A request to update a SqlInjectionMatchSet.
2681
+ # @note When making an API call, pass UpdateSqlInjectionMatchSetRequest
2682
+ # data as a hash:
2683
+ #
2684
+ # {
2685
+ # sql_injection_match_set_id: "ResourceId", # required
2686
+ # change_token: "ChangeToken", # required
2687
+ # updates: [ # required
2688
+ # {
2689
+ # action: "INSERT", # required, accepts INSERT, DELETE
2690
+ # sql_injection_match_tuple: { # required
2691
+ # field_to_match: { # required
2692
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2693
+ # data: "MatchFieldData",
2694
+ # },
2695
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2696
+ # },
2697
+ # },
2698
+ # ],
2699
+ # }
2700
+ # @!attribute [rw] sql_injection_match_set_id
2701
+ # The `SqlInjectionMatchSetId` of the `SqlInjectionMatchSet` that you
2702
+ # want to update. `SqlInjectionMatchSetId` is returned by
2703
+ # CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.
2704
+ # @return [String]
2705
+ #
2706
+ # @!attribute [rw] change_token
2707
+ # The value returned by the most recent call to GetChangeToken.
2708
+ # @return [String]
2709
+ #
2710
+ # @!attribute [rw] updates
2711
+ # An array of `SqlInjectionMatchSetUpdate` objects that you want to
2712
+ # insert into or delete from a SqlInjectionMatchSet. For more
2713
+ # information, see the applicable data types:
2714
+ #
2715
+ # * SqlInjectionMatchSetUpdate: Contains `Action` and
2716
+ # `SqlInjectionMatchTuple`
2717
+ #
2718
+ # * SqlInjectionMatchTuple: Contains `FieldToMatch` and
2719
+ # `TextTransformation`
2720
+ #
2721
+ # * FieldToMatch: Contains `Data` and `Type`
2722
+ # @return [Array<Types::SqlInjectionMatchSetUpdate>]
2723
+ class UpdateSqlInjectionMatchSetRequest < Struct.new(
2724
+ :sql_injection_match_set_id,
2725
+ :change_token,
2726
+ :updates)
2727
+ include Aws::Structure
2728
+ end
2729
+
2730
+ # The response to an UpdateSqlInjectionMatchSets request.
2731
+ # @!attribute [rw] change_token
2732
+ # The `ChangeToken` that you used to submit the
2733
+ # `UpdateSqlInjectionMatchSet` request. You can also use this value to
2734
+ # query the status of the request. For more information, see
2735
+ # GetChangeTokenStatus.
2736
+ # @return [String]
2737
+ class UpdateSqlInjectionMatchSetResponse < Struct.new(
2738
+ :change_token)
2739
+ include Aws::Structure
2740
+ end
2741
+
2742
+ # @note When making an API call, pass UpdateWebACLRequest
2743
+ # data as a hash:
2744
+ #
2745
+ # {
2746
+ # web_acl_id: "ResourceId", # required
2747
+ # change_token: "ChangeToken", # required
2748
+ # updates: [
2749
+ # {
2750
+ # action: "INSERT", # required, accepts INSERT, DELETE
2751
+ # activated_rule: { # required
2752
+ # priority: 1, # required
2753
+ # rule_id: "ResourceId", # required
2754
+ # action: { # required
2755
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2756
+ # },
2757
+ # },
2758
+ # },
2759
+ # ],
2760
+ # default_action: {
2761
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2762
+ # },
2763
+ # }
2764
+ # @!attribute [rw] web_acl_id
2765
+ # The `WebACLId` of the WebACL that you want to update. `WebACLId` is
2766
+ # returned by CreateWebACL and by ListWebACLs.
2767
+ # @return [String]
2768
+ #
2769
+ # @!attribute [rw] change_token
2770
+ # The value returned by the most recent call to GetChangeToken.
2771
+ # @return [String]
2772
+ #
2773
+ # @!attribute [rw] updates
2774
+ # An array of updates to make to the WebACL.
2775
+ #
2776
+ # An array of `WebACLUpdate` objects that you want to insert into or
2777
+ # delete from a WebACL. For more information, see the applicable data
2778
+ # types:
2779
+ #
2780
+ # * WebACLUpdate: Contains `Action` and `ActivatedRule`
2781
+ #
2782
+ # * ActivatedRule: Contains `Action`, `Priority`, and `RuleId`
2783
+ #
2784
+ # * WafAction: Contains `Type`
2785
+ # @return [Array<Types::WebACLUpdate>]
2786
+ #
2787
+ # @!attribute [rw] default_action
2788
+ # For the action that is associated with a rule in a `WebACL`,
2789
+ # specifies the action that you want AWS WAF to perform when a web
2790
+ # request matches all of the conditions in a rule. For the default
2791
+ # action in a `WebACL`, specifies the action that you want AWS WAF to
2792
+ # take when a web request doesn't match all of the conditions in any
2793
+ # of the rules in a `WebACL`.
2794
+ # @return [Types::WafAction]
2795
+ class UpdateWebACLRequest < Struct.new(
2796
+ :web_acl_id,
2797
+ :change_token,
2798
+ :updates,
2799
+ :default_action)
2800
+ include Aws::Structure
2801
+ end
2802
+
2803
+ # @!attribute [rw] change_token
2804
+ # The `ChangeToken` that you used to submit the `UpdateWebACL`
2805
+ # request. You can also use this value to query the status of the
2806
+ # request. For more information, see GetChangeTokenStatus.
2807
+ # @return [String]
2808
+ class UpdateWebACLResponse < Struct.new(
2809
+ :change_token)
2810
+ include Aws::Structure
2811
+ end
2812
+
2813
+ # A request to update an XssMatchSet.
2814
+ # @note When making an API call, pass UpdateXssMatchSetRequest
2815
+ # data as a hash:
2816
+ #
2817
+ # {
2818
+ # xss_match_set_id: "ResourceId", # required
2819
+ # change_token: "ChangeToken", # required
2820
+ # updates: [ # required
2821
+ # {
2822
+ # action: "INSERT", # required, accepts INSERT, DELETE
2823
+ # xss_match_tuple: { # required
2824
+ # field_to_match: { # required
2825
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2826
+ # data: "MatchFieldData",
2827
+ # },
2828
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2829
+ # },
2830
+ # },
2831
+ # ],
2832
+ # }
2833
+ # @!attribute [rw] xss_match_set_id
2834
+ # The `XssMatchSetId` of the `XssMatchSet` that you want to update.
2835
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
2836
+ # ListXssMatchSets.
2837
+ # @return [String]
2838
+ #
2839
+ # @!attribute [rw] change_token
2840
+ # The value returned by the most recent call to GetChangeToken.
2841
+ # @return [String]
2842
+ #
2843
+ # @!attribute [rw] updates
2844
+ # An array of `XssMatchSetUpdate` objects that you want to insert into
2845
+ # or delete from a XssMatchSet. For more information, see the
2846
+ # applicable data types:
2847
+ #
2848
+ # * XssMatchSetUpdate: Contains `Action` and `XssMatchTuple`
2849
+ #
2850
+ # * XssMatchTuple: Contains `FieldToMatch` and `TextTransformation`
2851
+ #
2852
+ # * FieldToMatch: Contains `Data` and `Type`
2853
+ # @return [Array<Types::XssMatchSetUpdate>]
2854
+ class UpdateXssMatchSetRequest < Struct.new(
2855
+ :xss_match_set_id,
2856
+ :change_token,
2857
+ :updates)
2858
+ include Aws::Structure
2859
+ end
2860
+
2861
+ # The response to an UpdateXssMatchSets request.
2862
+ # @!attribute [rw] change_token
2863
+ # The `ChangeToken` that you used to submit the `UpdateXssMatchSet`
2864
+ # request. You can also use this value to query the status of the
2865
+ # request. For more information, see GetChangeTokenStatus.
2866
+ # @return [String]
2867
+ class UpdateXssMatchSetResponse < Struct.new(
2868
+ :change_token)
2869
+ include Aws::Structure
2870
+ end
2871
+
2872
+ # For the action that is associated with a rule in a `WebACL`, specifies
2873
+ # the action that you want AWS WAF to perform when a web request matches
2874
+ # all of the conditions in a rule. For the default action in a `WebACL`,
2875
+ # specifies the action that you want AWS WAF to take when a web request
2876
+ # doesn't match all of the conditions in any of the rules in a
2877
+ # `WebACL`.
2878
+ # @note When making an API call, pass WafAction
2879
+ # data as a hash:
2880
+ #
2881
+ # {
2882
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2883
+ # }
2884
+ # @!attribute [rw] type
2885
+ # Specifies how you want AWS WAF to respond to requests that match the
2886
+ # settings in a `Rule`. Valid settings include the following:
2887
+ #
2888
+ # * `ALLOW`\: AWS WAF allows requests
2889
+ #
2890
+ # * `BLOCK`\: AWS WAF blocks requests
2891
+ #
2892
+ # * `COUNT`\: AWS WAF increments a counter of the requests that match
2893
+ # all of the conditions in the rule. AWS WAF then continues to
2894
+ # inspect the web request based on the remaining rules in the web
2895
+ # ACL. You can't specify `COUNT` for the default action for a
2896
+ # `WebACL`.
2897
+ # @return [String]
2898
+ class WafAction < Struct.new(
2899
+ :type)
2900
+ include Aws::Structure
2901
+ end
2902
+
2903
+ # Contains the `Rules` that identify the requests that you want to
2904
+ # allow, block, or count. In a `WebACL`, you also specify a default
2905
+ # action (`ALLOW` or `BLOCK`), and the action for each `Rule` that you
2906
+ # add to a `WebACL`, for example, block requests from specified IP
2907
+ # addresses or block requests from specified referrers. You also
2908
+ # associate the `WebACL` with a CloudFront distribution to identify the
2909
+ # requests that you want AWS WAF to filter. If you add more than one
2910
+ # `Rule` to a `WebACL`, a request needs to match only one of the
2911
+ # specifications to be allowed, blocked, or counted. For more
2912
+ # information, see UpdateWebACL.
2913
+ # @!attribute [rw] web_acl_id
2914
+ # A unique identifier for a `WebACL`. You use `WebACLId` to get
2915
+ # information about a `WebACL` (see GetWebACL), update a `WebACL` (see
2916
+ # UpdateWebACL), and delete a `WebACL` from AWS WAF (see
2917
+ # DeleteWebACL).
2918
+ #
2919
+ # `WebACLId` is returned by CreateWebACL and by ListWebACLs.
2920
+ # @return [String]
2921
+ #
2922
+ # @!attribute [rw] name
2923
+ # A friendly name or description of the `WebACL`. You can't change
2924
+ # the name of a `WebACL` after you create it.
2925
+ # @return [String]
2926
+ #
2927
+ # @!attribute [rw] metric_name
2928
+ # @return [String]
2929
+ #
2930
+ # @!attribute [rw] default_action
2931
+ # The action to perform if none of the `Rules` contained in the
2932
+ # `WebACL` match. The action is specified by the WafAction object.
2933
+ # @return [Types::WafAction]
2934
+ #
2935
+ # @!attribute [rw] rules
2936
+ # An array that contains the action for each `Rule` in a `WebACL`, the
2937
+ # priority of the `Rule`, and the ID of the `Rule`.
2938
+ # @return [Array<Types::ActivatedRule>]
2939
+ class WebACL < Struct.new(
2940
+ :web_acl_id,
2941
+ :name,
2942
+ :metric_name,
2943
+ :default_action,
2944
+ :rules)
2945
+ include Aws::Structure
2946
+ end
2947
+
2948
+ # Contains the identifier and the name or description of the WebACL.
2949
+ # @!attribute [rw] web_acl_id
2950
+ # A unique identifier for a `WebACL`. You use `WebACLId` to get
2951
+ # information about a `WebACL` (see GetWebACL), update a `WebACL` (see
2952
+ # UpdateWebACL), and delete a `WebACL` from AWS WAF (see
2953
+ # DeleteWebACL).
2954
+ #
2955
+ # `WebACLId` is returned by CreateWebACL and by ListWebACLs.
2956
+ # @return [String]
2957
+ #
2958
+ # @!attribute [rw] name
2959
+ # A friendly name or description of the WebACL. You can't change the
2960
+ # name of a `WebACL` after you create it.
2961
+ # @return [String]
2962
+ class WebACLSummary < Struct.new(
2963
+ :web_acl_id,
2964
+ :name)
2965
+ include Aws::Structure
2966
+ end
2967
+
2968
+ # Specifies whether to insert a `Rule` into or delete a `Rule` from a
2969
+ # `WebACL`.
2970
+ # @note When making an API call, pass WebACLUpdate
2971
+ # data as a hash:
2972
+ #
2973
+ # {
2974
+ # action: "INSERT", # required, accepts INSERT, DELETE
2975
+ # activated_rule: { # required
2976
+ # priority: 1, # required
2977
+ # rule_id: "ResourceId", # required
2978
+ # action: { # required
2979
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2980
+ # },
2981
+ # },
2982
+ # }
2983
+ # @!attribute [rw] action
2984
+ # Specifies whether to insert a `Rule` into or delete a `Rule` from a
2985
+ # `WebACL`.
2986
+ # @return [String]
2987
+ #
2988
+ # @!attribute [rw] activated_rule
2989
+ # The `ActivatedRule` object in an UpdateWebACL request specifies a
2990
+ # `Rule` that you want to insert or delete, the priority of the `Rule`
2991
+ # in the `WebACL`, and the action that you want AWS WAF to take when a
2992
+ # web request matches the `Rule` (`ALLOW`, `BLOCK`, or `COUNT`).
2993
+ #
2994
+ # To specify whether to insert or delete a `Rule`, use the `Action`
2995
+ # parameter in the WebACLUpdate data type.
2996
+ # @return [Types::ActivatedRule]
2997
+ class WebACLUpdate < Struct.new(
2998
+ :action,
2999
+ :activated_rule)
3000
+ include Aws::Structure
3001
+ end
3002
+
3003
+ # A complex type that contains `XssMatchTuple` objects, which specify
3004
+ # the parts of web requests that you want AWS WAF to inspect for
3005
+ # cross-site scripting attacks and, if you want AWS WAF to inspect a
3006
+ # header, the name of the header. If a `XssMatchSet` contains more than
3007
+ # one `XssMatchTuple` object, a request needs to include cross-site
3008
+ # scripting attacks in only one of the specified parts of the request to
3009
+ # be considered a match.
3010
+ # @!attribute [rw] xss_match_set_id
3011
+ # A unique identifier for an `XssMatchSet`. You use `XssMatchSetId` to
3012
+ # get information about an `XssMatchSet` (see GetXssMatchSet), update
3013
+ # an `XssMatchSet` (see UpdateXssMatchSet), insert an `XssMatchSet`
3014
+ # into a `Rule` or delete one from a `Rule` (see UpdateRule), and
3015
+ # delete an `XssMatchSet` from AWS WAF (see DeleteXssMatchSet).
3016
+ #
3017
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
3018
+ # ListXssMatchSets.
3019
+ # @return [String]
3020
+ #
3021
+ # @!attribute [rw] name
3022
+ # The name, if any, of the `XssMatchSet`.
3023
+ # @return [String]
3024
+ #
3025
+ # @!attribute [rw] xss_match_tuples
3026
+ # Specifies the parts of web requests that you want to inspect for
3027
+ # cross-site scripting attacks.
3028
+ # @return [Array<Types::XssMatchTuple>]
3029
+ class XssMatchSet < Struct.new(
3030
+ :xss_match_set_id,
3031
+ :name,
3032
+ :xss_match_tuples)
3033
+ include Aws::Structure
3034
+ end
3035
+
3036
+ # The `Id` and `Name` of an `XssMatchSet`.
3037
+ # @!attribute [rw] xss_match_set_id
3038
+ # A unique identifier for an `XssMatchSet`. You use `XssMatchSetId` to
3039
+ # get information about a `XssMatchSet` (see GetXssMatchSet), update
3040
+ # an `XssMatchSet` (see UpdateXssMatchSet), insert an `XssMatchSet`
3041
+ # into a `Rule` or delete one from a `Rule` (see UpdateRule), and
3042
+ # delete an `XssMatchSet` from AWS WAF (see DeleteXssMatchSet).
3043
+ #
3044
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
3045
+ # ListXssMatchSets.
3046
+ # @return [String]
3047
+ #
3048
+ # @!attribute [rw] name
3049
+ # The name of the `XssMatchSet`, if any, specified by `Id`.
3050
+ # @return [String]
3051
+ class XssMatchSetSummary < Struct.new(
3052
+ :xss_match_set_id,
3053
+ :name)
3054
+ include Aws::Structure
3055
+ end
3056
+
3057
+ # Specifies the part of a web request that you want to inspect for
3058
+ # cross-site scripting attacks and indicates whether you want to add the
3059
+ # specification to an XssMatchSet or delete it from an `XssMatchSet`.
3060
+ # @note When making an API call, pass XssMatchSetUpdate
3061
+ # data as a hash:
3062
+ #
3063
+ # {
3064
+ # action: "INSERT", # required, accepts INSERT, DELETE
3065
+ # xss_match_tuple: { # required
3066
+ # field_to_match: { # required
3067
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
3068
+ # data: "MatchFieldData",
3069
+ # },
3070
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
3071
+ # },
3072
+ # }
3073
+ # @!attribute [rw] action
3074
+ # Specify `INSERT` to add a XssMatchSetUpdate to an XssMatchSet. Use
3075
+ # `DELETE` to remove a `XssMatchSetUpdate` from an `XssMatchSet`.
3076
+ # @return [String]
3077
+ #
3078
+ # @!attribute [rw] xss_match_tuple
3079
+ # Specifies the part of a web request that you want AWS WAF to inspect
3080
+ # for cross-site scripting attacks and, if you want AWS WAF to inspect
3081
+ # a header, the name of the header.
3082
+ # @return [Types::XssMatchTuple]
3083
+ class XssMatchSetUpdate < Struct.new(
3084
+ :action,
3085
+ :xss_match_tuple)
3086
+ include Aws::Structure
3087
+ end
3088
+
3089
+ # Specifies the part of a web request that you want AWS WAF to inspect
3090
+ # for cross-site scripting attacks and, if you want AWS WAF to inspect a
3091
+ # header, the name of the header.
3092
+ # @note When making an API call, pass XssMatchTuple
3093
+ # data as a hash:
3094
+ #
3095
+ # {
3096
+ # field_to_match: { # required
3097
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
3098
+ # data: "MatchFieldData",
3099
+ # },
3100
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
3101
+ # }
3102
+ # @!attribute [rw] field_to_match
3103
+ # Specifies where in a web request to look for `TargetString`.
3104
+ # @return [Types::FieldToMatch]
3105
+ #
3106
+ # @!attribute [rw] text_transformation
3107
+ # Text transformations eliminate some of the unusual formatting that
3108
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
3109
+ # specify a transformation, AWS WAF performs the transformation on
3110
+ # `FieldToMatch` before inspecting a request for a match.
3111
+ #
3112
+ # **CMD\_LINE**
3113
+ #
3114
+ # When you're concerned that attackers are injecting an operating
3115
+ # system commandline command and using unusual formatting to disguise
3116
+ # some or all of the command, use this option to perform the following
3117
+ # transformations:
3118
+ #
3119
+ # * Delete the following characters: \\ " ' ^
3120
+ #
3121
+ # * Delete spaces before the following characters: / (
3122
+ #
3123
+ # * Replace the following characters with a space: , ;
3124
+ #
3125
+ # * Replace multiple spaces with one space
3126
+ #
3127
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
3128
+ #
3129
+ # **COMPRESS\_WHITE\_SPACE**
3130
+ #
3131
+ # Use this option to replace the following characters with a space
3132
+ # character (decimal 32):
3133
+ #
3134
+ # * \\f, formfeed, decimal 12
3135
+ #
3136
+ # * \\t, tab, decimal 9
3137
+ #
3138
+ # * \\n, newline, decimal 10
3139
+ #
3140
+ # * \\r, carriage return, decimal 13
3141
+ #
3142
+ # * \\v, vertical tab, decimal 11
3143
+ #
3144
+ # * non-breaking space, decimal 160
3145
+ #
3146
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
3147
+ #
3148
+ # **HTML\_ENTITY\_DECODE**
3149
+ #
3150
+ # Use this option to replace HTML-encoded characters with unencoded
3151
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
3152
+ #
3153
+ # * Replaces `(ampersand)quot;` with `"`
3154
+ #
3155
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
3156
+ #
3157
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
3158
+ #
3159
+ # * Replaces `(ampersand)gt;` with `>`
3160
+ #
3161
+ # * Replaces characters that are represented in hexadecimal format,
3162
+ # `(ampersand)#xhhhh;`, with the corresponding characters
3163
+ #
3164
+ # * Replaces characters that are represented in decimal format,
3165
+ # `(ampersand)#nnnn;`, with the corresponding characters
3166
+ #
3167
+ # **LOWERCASE**
3168
+ #
3169
+ # Use this option to convert uppercase letters (A-Z) to lowercase
3170
+ # (a-z).
3171
+ #
3172
+ # **URL\_DECODE**
3173
+ #
3174
+ # Use this option to decode a URL-encoded value.
3175
+ #
3176
+ # **NONE**
3177
+ #
3178
+ # Specify `NONE` if you don't want to perform any text
3179
+ # transformations.
3180
+ # @return [String]
3181
+ class XssMatchTuple < Struct.new(
3182
+ :field_to_match,
3183
+ :text_transformation)
3184
+ include Aws::Structure
3185
+ end
3186
+
3187
+ end
3188
+ end
3189
+ end