aws-sdk-waf 1.0.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
File without changes
@@ -0,0 +1,23 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing for info on making contributions:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws
9
+ module WAF
10
+ module Errors
11
+
12
+ extend Aws::Errors::DynamicErrors
13
+
14
+ # Raised when calling #load or #data on a resource class that can not be
15
+ # loaded. This can happen when:
16
+ #
17
+ # * A resource class has identifiers, but no data attributes.
18
+ # * Resource data is only available when making an API call that
19
+ # enumerates all resources of that type.
20
+ class ResourceNotLoadable < RuntimeError; end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,25 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing for info on making contributions:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws
9
+ module WAF
10
+ class Resource
11
+
12
+ # @param options ({})
13
+ # @option options [Client] :client
14
+ def initialize(options = {})
15
+ @client = options[:client] || Client.new(options)
16
+ end
17
+
18
+ # @return [Client]
19
+ def client
20
+ @client
21
+ end
22
+
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,3189 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing for info on making contributions:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws
9
+ module WAF
10
+ module Types
11
+
12
+ # The `ActivatedRule` object in an UpdateWebACL request specifies a
13
+ # `Rule` that you want to insert or delete, the priority of the `Rule`
14
+ # in the `WebACL`, and the action that you want AWS WAF to take when a
15
+ # web request matches the `Rule` (`ALLOW`, `BLOCK`, or `COUNT`).
16
+ #
17
+ # To specify whether to insert or delete a `Rule`, use the `Action`
18
+ # parameter in the WebACLUpdate data type.
19
+ # @note When making an API call, pass ActivatedRule
20
+ # data as a hash:
21
+ #
22
+ # {
23
+ # priority: 1, # required
24
+ # rule_id: "ResourceId", # required
25
+ # action: { # required
26
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
27
+ # },
28
+ # }
29
+ # @!attribute [rw] priority
30
+ # Specifies the order in which the `Rules` in a `WebACL` are
31
+ # evaluated. Rules with a lower value for `Priority` are evaluated
32
+ # before `Rules` with a higher value. The value must be a unique
33
+ # integer. If you add multiple `Rules` to a `WebACL`, the values
34
+ # don't need to be consecutive.
35
+ # @return [Integer]
36
+ #
37
+ # @!attribute [rw] rule_id
38
+ # The `RuleId` for a `Rule`. You use `RuleId` to get more information
39
+ # about a `Rule` (see GetRule), update a `Rule` (see UpdateRule),
40
+ # insert a `Rule` into a `WebACL` or delete a one from a `WebACL` (see
41
+ # UpdateWebACL), or delete a `Rule` from AWS WAF (see DeleteRule).
42
+ #
43
+ # `RuleId` is returned by CreateRule and by ListRules.
44
+ # @return [String]
45
+ #
46
+ # @!attribute [rw] action
47
+ # Specifies the action that CloudFront or AWS WAF takes when a web
48
+ # request matches the conditions in the `Rule`. Valid values for
49
+ # `Action` include the following:
50
+ #
51
+ # * `ALLOW`\: CloudFront responds with the requested object.
52
+ #
53
+ # * `BLOCK`\: CloudFront responds with an HTTP 403 (Forbidden) status
54
+ # code.
55
+ #
56
+ # * `COUNT`\: AWS WAF increments a counter of requests that match the
57
+ # conditions in the rule and then continues to inspect the web
58
+ # request based on the remaining rules in the web ACL.
59
+ # @return [Types::WafAction]
60
+ class ActivatedRule < Struct.new(
61
+ :priority,
62
+ :rule_id,
63
+ :action)
64
+ include Aws::Structure
65
+ end
66
+
67
+ # In a GetByteMatchSet request, `ByteMatchSet` is a complex type that
68
+ # contains the `ByteMatchSetId` and `Name` of a `ByteMatchSet`, and the
69
+ # values that you specified when you updated the `ByteMatchSet`.
70
+ #
71
+ # A complex type that contains `ByteMatchTuple` objects, which specify
72
+ # the parts of web requests that you want AWS WAF to inspect and the
73
+ # values that you want AWS WAF to search for. If a `ByteMatchSet`
74
+ # contains more than one `ByteMatchTuple` object, a request needs to
75
+ # match the settings in only one `ByteMatchTuple` to be considered a
76
+ # match.
77
+ # @!attribute [rw] byte_match_set_id
78
+ # The `ByteMatchSetId` for a `ByteMatchSet`. You use `ByteMatchSetId`
79
+ # to get information about a `ByteMatchSet` (see GetByteMatchSet),
80
+ # update a `ByteMatchSet` (see UpdateByteMatchSet), insert a
81
+ # `ByteMatchSet` into a `Rule` or delete one from a `Rule` (see
82
+ # UpdateRule), and delete a `ByteMatchSet` from AWS WAF (see
83
+ # DeleteByteMatchSet).
84
+ #
85
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
86
+ # ListByteMatchSets.
87
+ # @return [String]
88
+ #
89
+ # @!attribute [rw] name
90
+ # A friendly name or description of the ByteMatchSet. You can't
91
+ # change `Name` after you create a `ByteMatchSet`.
92
+ # @return [String]
93
+ #
94
+ # @!attribute [rw] byte_match_tuples
95
+ # Specifies the bytes (typically a string that corresponds with ASCII
96
+ # characters) that you want AWS WAF to search for in web requests, the
97
+ # location in requests that you want AWS WAF to search, and other
98
+ # settings.
99
+ # @return [Array<Types::ByteMatchTuple>]
100
+ class ByteMatchSet < Struct.new(
101
+ :byte_match_set_id,
102
+ :name,
103
+ :byte_match_tuples)
104
+ include Aws::Structure
105
+ end
106
+
107
+ # Returned by ListByteMatchSets. Each `ByteMatchSetSummary` object
108
+ # includes the `Name` and `ByteMatchSetId` for one ByteMatchSet.
109
+ # @!attribute [rw] byte_match_set_id
110
+ # The `ByteMatchSetId` for a `ByteMatchSet`. You use `ByteMatchSetId`
111
+ # to get information about a `ByteMatchSet`, update a `ByteMatchSet`,
112
+ # remove a `ByteMatchSet` from a `Rule`, and delete a `ByteMatchSet`
113
+ # from AWS WAF.
114
+ #
115
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
116
+ # ListByteMatchSets.
117
+ # @return [String]
118
+ #
119
+ # @!attribute [rw] name
120
+ # A friendly name or description of the ByteMatchSet. You can't
121
+ # change `Name` after you create a `ByteMatchSet`.
122
+ # @return [String]
123
+ class ByteMatchSetSummary < Struct.new(
124
+ :byte_match_set_id,
125
+ :name)
126
+ include Aws::Structure
127
+ end
128
+
129
+ # In an UpdateByteMatchSet request, `ByteMatchSetUpdate` specifies
130
+ # whether to insert or delete a ByteMatchTuple and includes the settings
131
+ # for the `ByteMatchTuple`.
132
+ # @note When making an API call, pass ByteMatchSetUpdate
133
+ # data as a hash:
134
+ #
135
+ # {
136
+ # action: "INSERT", # required, accepts INSERT, DELETE
137
+ # byte_match_tuple: { # required
138
+ # field_to_match: { # required
139
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
140
+ # data: "MatchFieldData",
141
+ # },
142
+ # target_string: "data", # required
143
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
144
+ # positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
145
+ # },
146
+ # }
147
+ # @!attribute [rw] action
148
+ # Specifies whether to insert or delete a ByteMatchTuple.
149
+ # @return [String]
150
+ #
151
+ # @!attribute [rw] byte_match_tuple
152
+ # Information about the part of a web request that you want AWS WAF to
153
+ # inspect and the value that you want AWS WAF to search for. If you
154
+ # specify `DELETE` for the value of `Action`, the `ByteMatchTuple`
155
+ # values must exactly match the values in the `ByteMatchTuple` that
156
+ # you want to delete from the `ByteMatchSet`.
157
+ # @return [Types::ByteMatchTuple]
158
+ class ByteMatchSetUpdate < Struct.new(
159
+ :action,
160
+ :byte_match_tuple)
161
+ include Aws::Structure
162
+ end
163
+
164
+ # The bytes (typically a string that corresponds with ASCII characters)
165
+ # that you want AWS WAF to search for in web requests, the location in
166
+ # requests that you want AWS WAF to search, and other settings.
167
+ # @note When making an API call, pass ByteMatchTuple
168
+ # data as a hash:
169
+ #
170
+ # {
171
+ # field_to_match: { # required
172
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
173
+ # data: "MatchFieldData",
174
+ # },
175
+ # target_string: "data", # required
176
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
177
+ # positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
178
+ # }
179
+ # @!attribute [rw] field_to_match
180
+ # The part of a web request that you want AWS WAF to search, such as a
181
+ # specified header or a query string. For more information, see
182
+ # FieldToMatch.
183
+ # @return [Types::FieldToMatch]
184
+ #
185
+ # @!attribute [rw] target_string
186
+ # The value that you want AWS WAF to search for. AWS WAF searches for
187
+ # the specified string in the part of web requests that you specified
188
+ # in `FieldToMatch`. The maximum length of the value is 50 bytes.
189
+ #
190
+ # Valid values depend on the values that you specified for
191
+ # `FieldToMatch`\:
192
+ #
193
+ # * `HEADER`\: The value that you want AWS WAF to search for in the
194
+ # request header that you specified in FieldToMatch, for example,
195
+ # the value of the `User-Agent` or `Referer` header.
196
+ #
197
+ # * `METHOD`\: The HTTP method, which indicates the type of operation
198
+ # specified in the request. CloudFront supports the following
199
+ # methods: `DELETE`, `GET`, `HEAD`, `OPTIONS`, `PATCH`, `POST`, and
200
+ # `PUT`.
201
+ #
202
+ # * `QUERY_STRING`\: The value that you want AWS WAF to search for in
203
+ # the query string, which is the part of a URL that appears after a
204
+ # `?` character.
205
+ #
206
+ # * `URI`\: The value that you want AWS WAF to search for in the part
207
+ # of a URL that identifies a resource, for example,
208
+ # `/images/daily-ad.jpg`.
209
+ #
210
+ # * `BODY`\: The part of a request that contains any additional data
211
+ # that you want to send to your web server as the HTTP request body,
212
+ # such as data from a form. The request body immediately follows the
213
+ # request headers. Note that only the first `8192` bytes of the
214
+ # request body are forwarded to AWS WAF for inspection. To allow or
215
+ # block requests based on the length of the body, you can create a
216
+ # size constraint set. For more information, see
217
+ # CreateSizeConstraintSet.
218
+ #
219
+ # If `TargetString` includes alphabetic characters A-Z and a-z, note
220
+ # that the value is case sensitive.
221
+ #
222
+ # **If you're using the AWS WAF API**
223
+ #
224
+ # Specify a base64-encoded version of the value. The maximum length of
225
+ # the value before you base64-encode it is 50 bytes.
226
+ #
227
+ # For example, suppose the value of `Type` is `HEADER` and the value
228
+ # of `Data` is `User-Agent`. If you want to search the `User-Agent`
229
+ # header for the value `BadBot`, you base64-encode `BadBot` using MIME
230
+ # base64 encoding and include the resulting value, `QmFkQm90`, in the
231
+ # value of `TargetString`.
232
+ #
233
+ # **If you're using the AWS CLI or one of the AWS SDKs**
234
+ #
235
+ # The value that you want AWS WAF to search for. The SDK automatically
236
+ # base64 encodes the value.
237
+ # @return [String]
238
+ #
239
+ # @!attribute [rw] text_transformation
240
+ # Text transformations eliminate some of the unusual formatting that
241
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
242
+ # specify a transformation, AWS WAF performs the transformation on
243
+ # `TargetString` before inspecting a request for a match.
244
+ #
245
+ # **CMD\_LINE**
246
+ #
247
+ # When you're concerned that attackers are injecting an operating
248
+ # system commandline command and using unusual formatting to disguise
249
+ # some or all of the command, use this option to perform the following
250
+ # transformations:
251
+ #
252
+ # * Delete the following characters: \\ " ' ^
253
+ #
254
+ # * Delete spaces before the following characters: / (
255
+ #
256
+ # * Replace the following characters with a space: , ;
257
+ #
258
+ # * Replace multiple spaces with one space
259
+ #
260
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
261
+ #
262
+ # **COMPRESS\_WHITE\_SPACE**
263
+ #
264
+ # Use this option to replace the following characters with a space
265
+ # character (decimal 32):
266
+ #
267
+ # * \\f, formfeed, decimal 12
268
+ #
269
+ # * \\t, tab, decimal 9
270
+ #
271
+ # * \\n, newline, decimal 10
272
+ #
273
+ # * \\r, carriage return, decimal 13
274
+ #
275
+ # * \\v, vertical tab, decimal 11
276
+ #
277
+ # * non-breaking space, decimal 160
278
+ #
279
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
280
+ #
281
+ # **HTML\_ENTITY\_DECODE**
282
+ #
283
+ # Use this option to replace HTML-encoded characters with unencoded
284
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
285
+ #
286
+ # * Replaces `(ampersand)quot;` with `"`
287
+ #
288
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
289
+ #
290
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
291
+ #
292
+ # * Replaces `(ampersand)gt;` with `>`
293
+ #
294
+ # * Replaces characters that are represented in hexadecimal format,
295
+ # `(ampersand)#xhhhh;`, with the corresponding characters
296
+ #
297
+ # * Replaces characters that are represented in decimal format,
298
+ # `(ampersand)#nnnn;`, with the corresponding characters
299
+ #
300
+ # **LOWERCASE**
301
+ #
302
+ # Use this option to convert uppercase letters (A-Z) to lowercase
303
+ # (a-z).
304
+ #
305
+ # **URL\_DECODE**
306
+ #
307
+ # Use this option to decode a URL-encoded value.
308
+ #
309
+ # **NONE**
310
+ #
311
+ # Specify `NONE` if you don't want to perform any text
312
+ # transformations.
313
+ # @return [String]
314
+ #
315
+ # @!attribute [rw] positional_constraint
316
+ # Within the portion of a web request that you want to search (for
317
+ # example, in the query string, if any), specify where you want AWS
318
+ # WAF to search. Valid values include the following:
319
+ #
320
+ # **CONTAINS**
321
+ #
322
+ # The specified part of the web request must include the value of
323
+ # `TargetString`, but the location doesn't matter.
324
+ #
325
+ # **CONTAINS\_WORD**
326
+ #
327
+ # The specified part of the web request must include the value of
328
+ # `TargetString`, and `TargetString` must contain only alphanumeric
329
+ # characters or underscore (A-Z, a-z, 0-9, or \_). In addition,
330
+ # `TargetString` must be a word, which means one of the following:
331
+ #
332
+ # * `TargetString` exactly matches the value of the specified part of
333
+ # the web request, such as the value of a header.
334
+ #
335
+ # * `TargetString` is at the beginning of the specified part of the
336
+ # web request and is followed by a character other than an
337
+ # alphanumeric character or underscore (\_), for example, `BadBot;`.
338
+ #
339
+ # * `TargetString` is at the end of the specified part of the web
340
+ # request and is preceded by a character other than an alphanumeric
341
+ # character or underscore (\_), for example, `;BadBot`.
342
+ #
343
+ # * `TargetString` is in the middle of the specified part of the web
344
+ # request and is preceded and followed by characters other than
345
+ # alphanumeric characters or underscore (\_), for example,
346
+ # `-BadBot;`.
347
+ #
348
+ # **EXACTLY**
349
+ #
350
+ # The value of the specified part of the web request must exactly
351
+ # match the value of `TargetString`.
352
+ #
353
+ # **STARTS\_WITH**
354
+ #
355
+ # The value of `TargetString` must appear at the beginning of the
356
+ # specified part of the web request.
357
+ #
358
+ # **ENDS\_WITH**
359
+ #
360
+ # The value of `TargetString` must appear at the end of the specified
361
+ # part of the web request.
362
+ # @return [String]
363
+ class ByteMatchTuple < Struct.new(
364
+ :field_to_match,
365
+ :target_string,
366
+ :text_transformation,
367
+ :positional_constraint)
368
+ include Aws::Structure
369
+ end
370
+
371
+ # @note When making an API call, pass CreateByteMatchSetRequest
372
+ # data as a hash:
373
+ #
374
+ # {
375
+ # name: "ResourceName", # required
376
+ # change_token: "ChangeToken", # required
377
+ # }
378
+ # @!attribute [rw] name
379
+ # A friendly name or description of the ByteMatchSet. You can't
380
+ # change `Name` after you create a `ByteMatchSet`.
381
+ # @return [String]
382
+ #
383
+ # @!attribute [rw] change_token
384
+ # The value returned by the most recent call to GetChangeToken.
385
+ # @return [String]
386
+ class CreateByteMatchSetRequest < Struct.new(
387
+ :name,
388
+ :change_token)
389
+ include Aws::Structure
390
+ end
391
+
392
+ # @!attribute [rw] byte_match_set
393
+ # A ByteMatchSet that contains no `ByteMatchTuple` objects.
394
+ # @return [Types::ByteMatchSet]
395
+ #
396
+ # @!attribute [rw] change_token
397
+ # The `ChangeToken` that you used to submit the `CreateByteMatchSet`
398
+ # request. You can also use this value to query the status of the
399
+ # request. For more information, see GetChangeTokenStatus.
400
+ # @return [String]
401
+ class CreateByteMatchSetResponse < Struct.new(
402
+ :byte_match_set,
403
+ :change_token)
404
+ include Aws::Structure
405
+ end
406
+
407
+ # @note When making an API call, pass CreateIPSetRequest
408
+ # data as a hash:
409
+ #
410
+ # {
411
+ # name: "ResourceName", # required
412
+ # change_token: "ChangeToken", # required
413
+ # }
414
+ # @!attribute [rw] name
415
+ # A friendly name or description of the IPSet. You can't change
416
+ # `Name` after you create the `IPSet`.
417
+ # @return [String]
418
+ #
419
+ # @!attribute [rw] change_token
420
+ # The value returned by the most recent call to GetChangeToken.
421
+ # @return [String]
422
+ class CreateIPSetRequest < Struct.new(
423
+ :name,
424
+ :change_token)
425
+ include Aws::Structure
426
+ end
427
+
428
+ # @!attribute [rw] ip_set
429
+ # The IPSet returned in the `CreateIPSet` response.
430
+ # @return [Types::IPSet]
431
+ #
432
+ # @!attribute [rw] change_token
433
+ # The `ChangeToken` that you used to submit the `CreateIPSet` request.
434
+ # You can also use this value to query the status of the request. For
435
+ # more information, see GetChangeTokenStatus.
436
+ # @return [String]
437
+ class CreateIPSetResponse < Struct.new(
438
+ :ip_set,
439
+ :change_token)
440
+ include Aws::Structure
441
+ end
442
+
443
+ # @note When making an API call, pass CreateRuleRequest
444
+ # data as a hash:
445
+ #
446
+ # {
447
+ # name: "ResourceName", # required
448
+ # metric_name: "MetricName", # required
449
+ # change_token: "ChangeToken", # required
450
+ # }
451
+ # @!attribute [rw] name
452
+ # A friendly name or description of the Rule. You can't change the
453
+ # name of a `Rule` after you create it.
454
+ # @return [String]
455
+ #
456
+ # @!attribute [rw] metric_name
457
+ # A friendly name or description for the metrics for this `Rule`. The
458
+ # name can contain only alphanumeric characters (A-Z, a-z, 0-9); the
459
+ # name can't contain whitespace. You can't change the name of the
460
+ # metric after you create the `Rule`.
461
+ # @return [String]
462
+ #
463
+ # @!attribute [rw] change_token
464
+ # The value returned by the most recent call to GetChangeToken.
465
+ # @return [String]
466
+ class CreateRuleRequest < Struct.new(
467
+ :name,
468
+ :metric_name,
469
+ :change_token)
470
+ include Aws::Structure
471
+ end
472
+
473
+ # @!attribute [rw] rule
474
+ # The Rule returned in the `CreateRule` response.
475
+ # @return [Types::Rule]
476
+ #
477
+ # @!attribute [rw] change_token
478
+ # The `ChangeToken` that you used to submit the `CreateRule` request.
479
+ # You can also use this value to query the status of the request. For
480
+ # more information, see GetChangeTokenStatus.
481
+ # @return [String]
482
+ class CreateRuleResponse < Struct.new(
483
+ :rule,
484
+ :change_token)
485
+ include Aws::Structure
486
+ end
487
+
488
+ # @note When making an API call, pass CreateSizeConstraintSetRequest
489
+ # data as a hash:
490
+ #
491
+ # {
492
+ # name: "ResourceName", # required
493
+ # change_token: "ChangeToken", # required
494
+ # }
495
+ # @!attribute [rw] name
496
+ # A friendly name or description of the SizeConstraintSet. You can't
497
+ # change `Name` after you create a `SizeConstraintSet`.
498
+ # @return [String]
499
+ #
500
+ # @!attribute [rw] change_token
501
+ # The value returned by the most recent call to GetChangeToken.
502
+ # @return [String]
503
+ class CreateSizeConstraintSetRequest < Struct.new(
504
+ :name,
505
+ :change_token)
506
+ include Aws::Structure
507
+ end
508
+
509
+ # @!attribute [rw] size_constraint_set
510
+ # A SizeConstraintSet that contains no `SizeConstraint` objects.
511
+ # @return [Types::SizeConstraintSet]
512
+ #
513
+ # @!attribute [rw] change_token
514
+ # The `ChangeToken` that you used to submit the
515
+ # `CreateSizeConstraintSet` request. You can also use this value to
516
+ # query the status of the request. For more information, see
517
+ # GetChangeTokenStatus.
518
+ # @return [String]
519
+ class CreateSizeConstraintSetResponse < Struct.new(
520
+ :size_constraint_set,
521
+ :change_token)
522
+ include Aws::Structure
523
+ end
524
+
525
+ # A request to create a SqlInjectionMatchSet.
526
+ # @note When making an API call, pass CreateSqlInjectionMatchSetRequest
527
+ # data as a hash:
528
+ #
529
+ # {
530
+ # name: "ResourceName", # required
531
+ # change_token: "ChangeToken", # required
532
+ # }
533
+ # @!attribute [rw] name
534
+ # A friendly name or description for the SqlInjectionMatchSet that
535
+ # you're creating. You can't change `Name` after you create the
536
+ # `SqlInjectionMatchSet`.
537
+ # @return [String]
538
+ #
539
+ # @!attribute [rw] change_token
540
+ # The value returned by the most recent call to GetChangeToken.
541
+ # @return [String]
542
+ class CreateSqlInjectionMatchSetRequest < Struct.new(
543
+ :name,
544
+ :change_token)
545
+ include Aws::Structure
546
+ end
547
+
548
+ # The response to a `CreateSqlInjectionMatchSet` request.
549
+ # @!attribute [rw] sql_injection_match_set
550
+ # A SqlInjectionMatchSet.
551
+ # @return [Types::SqlInjectionMatchSet]
552
+ #
553
+ # @!attribute [rw] change_token
554
+ # The `ChangeToken` that you used to submit the
555
+ # `CreateSqlInjectionMatchSet` request. You can also use this value to
556
+ # query the status of the request. For more information, see
557
+ # GetChangeTokenStatus.
558
+ # @return [String]
559
+ class CreateSqlInjectionMatchSetResponse < Struct.new(
560
+ :sql_injection_match_set,
561
+ :change_token)
562
+ include Aws::Structure
563
+ end
564
+
565
+ # @note When making an API call, pass CreateWebACLRequest
566
+ # data as a hash:
567
+ #
568
+ # {
569
+ # name: "ResourceName", # required
570
+ # metric_name: "MetricName", # required
571
+ # default_action: { # required
572
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
573
+ # },
574
+ # change_token: "ChangeToken", # required
575
+ # }
576
+ # @!attribute [rw] name
577
+ # A friendly name or description of the WebACL. You can't change
578
+ # `Name` after you create the `WebACL`.
579
+ # @return [String]
580
+ #
581
+ # @!attribute [rw] metric_name
582
+ # A friendly name or description for the metrics for this `WebACL`.
583
+ # The name can contain only alphanumeric characters (A-Z, a-z, 0-9);
584
+ # the name can't contain whitespace. You can't change `MetricName`
585
+ # after you create the `WebACL`.
586
+ # @return [String]
587
+ #
588
+ # @!attribute [rw] default_action
589
+ # The action that you want AWS WAF to take when a request doesn't
590
+ # match the criteria specified in any of the `Rule` objects that are
591
+ # associated with the `WebACL`.
592
+ # @return [Types::WafAction]
593
+ #
594
+ # @!attribute [rw] change_token
595
+ # The value returned by the most recent call to GetChangeToken.
596
+ # @return [String]
597
+ class CreateWebACLRequest < Struct.new(
598
+ :name,
599
+ :metric_name,
600
+ :default_action,
601
+ :change_token)
602
+ include Aws::Structure
603
+ end
604
+
605
+ # @!attribute [rw] web_acl
606
+ # The WebACL returned in the `CreateWebACL` response.
607
+ # @return [Types::WebACL]
608
+ #
609
+ # @!attribute [rw] change_token
610
+ # The `ChangeToken` that you used to submit the `CreateWebACL`
611
+ # request. You can also use this value to query the status of the
612
+ # request. For more information, see GetChangeTokenStatus.
613
+ # @return [String]
614
+ class CreateWebACLResponse < Struct.new(
615
+ :web_acl,
616
+ :change_token)
617
+ include Aws::Structure
618
+ end
619
+
620
+ # A request to create an XssMatchSet.
621
+ # @note When making an API call, pass CreateXssMatchSetRequest
622
+ # data as a hash:
623
+ #
624
+ # {
625
+ # name: "ResourceName", # required
626
+ # change_token: "ChangeToken", # required
627
+ # }
628
+ # @!attribute [rw] name
629
+ # A friendly name or description for the XssMatchSet that you're
630
+ # creating. You can't change `Name` after you create the
631
+ # `XssMatchSet`.
632
+ # @return [String]
633
+ #
634
+ # @!attribute [rw] change_token
635
+ # The value returned by the most recent call to GetChangeToken.
636
+ # @return [String]
637
+ class CreateXssMatchSetRequest < Struct.new(
638
+ :name,
639
+ :change_token)
640
+ include Aws::Structure
641
+ end
642
+
643
+ # The response to a `CreateXssMatchSet` request.
644
+ # @!attribute [rw] xss_match_set
645
+ # An XssMatchSet.
646
+ # @return [Types::XssMatchSet]
647
+ #
648
+ # @!attribute [rw] change_token
649
+ # The `ChangeToken` that you used to submit the `CreateXssMatchSet`
650
+ # request. You can also use this value to query the status of the
651
+ # request. For more information, see GetChangeTokenStatus.
652
+ # @return [String]
653
+ class CreateXssMatchSetResponse < Struct.new(
654
+ :xss_match_set,
655
+ :change_token)
656
+ include Aws::Structure
657
+ end
658
+
659
+ # @note When making an API call, pass DeleteByteMatchSetRequest
660
+ # data as a hash:
661
+ #
662
+ # {
663
+ # byte_match_set_id: "ResourceId", # required
664
+ # change_token: "ChangeToken", # required
665
+ # }
666
+ # @!attribute [rw] byte_match_set_id
667
+ # The `ByteMatchSetId` of the ByteMatchSet that you want to delete.
668
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
669
+ # ListByteMatchSets.
670
+ # @return [String]
671
+ #
672
+ # @!attribute [rw] change_token
673
+ # The value returned by the most recent call to GetChangeToken.
674
+ # @return [String]
675
+ class DeleteByteMatchSetRequest < Struct.new(
676
+ :byte_match_set_id,
677
+ :change_token)
678
+ include Aws::Structure
679
+ end
680
+
681
+ # @!attribute [rw] change_token
682
+ # The `ChangeToken` that you used to submit the `DeleteByteMatchSet`
683
+ # request. You can also use this value to query the status of the
684
+ # request. For more information, see GetChangeTokenStatus.
685
+ # @return [String]
686
+ class DeleteByteMatchSetResponse < Struct.new(
687
+ :change_token)
688
+ include Aws::Structure
689
+ end
690
+
691
+ # @note When making an API call, pass DeleteIPSetRequest
692
+ # data as a hash:
693
+ #
694
+ # {
695
+ # ip_set_id: "ResourceId", # required
696
+ # change_token: "ChangeToken", # required
697
+ # }
698
+ # @!attribute [rw] ip_set_id
699
+ # The `IPSetId` of the IPSet that you want to delete. `IPSetId` is
700
+ # returned by CreateIPSet and by ListIPSets.
701
+ # @return [String]
702
+ #
703
+ # @!attribute [rw] change_token
704
+ # The value returned by the most recent call to GetChangeToken.
705
+ # @return [String]
706
+ class DeleteIPSetRequest < Struct.new(
707
+ :ip_set_id,
708
+ :change_token)
709
+ include Aws::Structure
710
+ end
711
+
712
+ # @!attribute [rw] change_token
713
+ # The `ChangeToken` that you used to submit the `DeleteIPSet` request.
714
+ # You can also use this value to query the status of the request. For
715
+ # more information, see GetChangeTokenStatus.
716
+ # @return [String]
717
+ class DeleteIPSetResponse < Struct.new(
718
+ :change_token)
719
+ include Aws::Structure
720
+ end
721
+
722
+ # @note When making an API call, pass DeleteRuleRequest
723
+ # data as a hash:
724
+ #
725
+ # {
726
+ # rule_id: "ResourceId", # required
727
+ # change_token: "ChangeToken", # required
728
+ # }
729
+ # @!attribute [rw] rule_id
730
+ # The `RuleId` of the Rule that you want to delete. `RuleId` is
731
+ # returned by CreateRule and by ListRules.
732
+ # @return [String]
733
+ #
734
+ # @!attribute [rw] change_token
735
+ # The value returned by the most recent call to GetChangeToken.
736
+ # @return [String]
737
+ class DeleteRuleRequest < Struct.new(
738
+ :rule_id,
739
+ :change_token)
740
+ include Aws::Structure
741
+ end
742
+
743
+ # @!attribute [rw] change_token
744
+ # The `ChangeToken` that you used to submit the `DeleteRule` request.
745
+ # You can also use this value to query the status of the request. For
746
+ # more information, see GetChangeTokenStatus.
747
+ # @return [String]
748
+ class DeleteRuleResponse < Struct.new(
749
+ :change_token)
750
+ include Aws::Structure
751
+ end
752
+
753
+ # @note When making an API call, pass DeleteSizeConstraintSetRequest
754
+ # data as a hash:
755
+ #
756
+ # {
757
+ # size_constraint_set_id: "ResourceId", # required
758
+ # change_token: "ChangeToken", # required
759
+ # }
760
+ # @!attribute [rw] size_constraint_set_id
761
+ # The `SizeConstraintSetId` of the SizeConstraintSet that you want to
762
+ # delete. `SizeConstraintSetId` is returned by CreateSizeConstraintSet
763
+ # and by ListSizeConstraintSets.
764
+ # @return [String]
765
+ #
766
+ # @!attribute [rw] change_token
767
+ # The value returned by the most recent call to GetChangeToken.
768
+ # @return [String]
769
+ class DeleteSizeConstraintSetRequest < Struct.new(
770
+ :size_constraint_set_id,
771
+ :change_token)
772
+ include Aws::Structure
773
+ end
774
+
775
+ # @!attribute [rw] change_token
776
+ # The `ChangeToken` that you used to submit the
777
+ # `DeleteSizeConstraintSet` request. You can also use this value to
778
+ # query the status of the request. For more information, see
779
+ # GetChangeTokenStatus.
780
+ # @return [String]
781
+ class DeleteSizeConstraintSetResponse < Struct.new(
782
+ :change_token)
783
+ include Aws::Structure
784
+ end
785
+
786
+ # A request to delete a SqlInjectionMatchSet from AWS WAF.
787
+ # @note When making an API call, pass DeleteSqlInjectionMatchSetRequest
788
+ # data as a hash:
789
+ #
790
+ # {
791
+ # sql_injection_match_set_id: "ResourceId", # required
792
+ # change_token: "ChangeToken", # required
793
+ # }
794
+ # @!attribute [rw] sql_injection_match_set_id
795
+ # The `SqlInjectionMatchSetId` of the SqlInjectionMatchSet that you
796
+ # want to delete. `SqlInjectionMatchSetId` is returned by
797
+ # CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.
798
+ # @return [String]
799
+ #
800
+ # @!attribute [rw] change_token
801
+ # The value returned by the most recent call to GetChangeToken.
802
+ # @return [String]
803
+ class DeleteSqlInjectionMatchSetRequest < Struct.new(
804
+ :sql_injection_match_set_id,
805
+ :change_token)
806
+ include Aws::Structure
807
+ end
808
+
809
+ # The response to a request to delete a SqlInjectionMatchSet from AWS
810
+ # WAF.
811
+ # @!attribute [rw] change_token
812
+ # The `ChangeToken` that you used to submit the
813
+ # `DeleteSqlInjectionMatchSet` request. You can also use this value to
814
+ # query the status of the request. For more information, see
815
+ # GetChangeTokenStatus.
816
+ # @return [String]
817
+ class DeleteSqlInjectionMatchSetResponse < Struct.new(
818
+ :change_token)
819
+ include Aws::Structure
820
+ end
821
+
822
+ # @note When making an API call, pass DeleteWebACLRequest
823
+ # data as a hash:
824
+ #
825
+ # {
826
+ # web_acl_id: "ResourceId", # required
827
+ # change_token: "ChangeToken", # required
828
+ # }
829
+ # @!attribute [rw] web_acl_id
830
+ # The `WebACLId` of the WebACL that you want to delete. `WebACLId` is
831
+ # returned by CreateWebACL and by ListWebACLs.
832
+ # @return [String]
833
+ #
834
+ # @!attribute [rw] change_token
835
+ # The value returned by the most recent call to GetChangeToken.
836
+ # @return [String]
837
+ class DeleteWebACLRequest < Struct.new(
838
+ :web_acl_id,
839
+ :change_token)
840
+ include Aws::Structure
841
+ end
842
+
843
+ # @!attribute [rw] change_token
844
+ # The `ChangeToken` that you used to submit the `DeleteWebACL`
845
+ # request. You can also use this value to query the status of the
846
+ # request. For more information, see GetChangeTokenStatus.
847
+ # @return [String]
848
+ class DeleteWebACLResponse < Struct.new(
849
+ :change_token)
850
+ include Aws::Structure
851
+ end
852
+
853
+ # A request to delete an XssMatchSet from AWS WAF.
854
+ # @note When making an API call, pass DeleteXssMatchSetRequest
855
+ # data as a hash:
856
+ #
857
+ # {
858
+ # xss_match_set_id: "ResourceId", # required
859
+ # change_token: "ChangeToken", # required
860
+ # }
861
+ # @!attribute [rw] xss_match_set_id
862
+ # The `XssMatchSetId` of the XssMatchSet that you want to delete.
863
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
864
+ # ListXssMatchSets.
865
+ # @return [String]
866
+ #
867
+ # @!attribute [rw] change_token
868
+ # The value returned by the most recent call to GetChangeToken.
869
+ # @return [String]
870
+ class DeleteXssMatchSetRequest < Struct.new(
871
+ :xss_match_set_id,
872
+ :change_token)
873
+ include Aws::Structure
874
+ end
875
+
876
+ # The response to a request to delete an XssMatchSet from AWS WAF.
877
+ # @!attribute [rw] change_token
878
+ # The `ChangeToken` that you used to submit the `DeleteXssMatchSet`
879
+ # request. You can also use this value to query the status of the
880
+ # request. For more information, see GetChangeTokenStatus.
881
+ # @return [String]
882
+ class DeleteXssMatchSetResponse < Struct.new(
883
+ :change_token)
884
+ include Aws::Structure
885
+ end
886
+
887
+ # Specifies where in a web request to look for `TargetString`.
888
+ # @note When making an API call, pass FieldToMatch
889
+ # data as a hash:
890
+ #
891
+ # {
892
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
893
+ # data: "MatchFieldData",
894
+ # }
895
+ # @!attribute [rw] type
896
+ # The part of the web request that you want AWS WAF to search for a
897
+ # specified string. Parts of a request that you can search include the
898
+ # following:
899
+ #
900
+ # * `HEADER`\: A specified request header, for example, the value of
901
+ # the `User-Agent` or `Referer` header. If you choose `HEADER` for
902
+ # the type, specify the name of the header in `Data`.
903
+ #
904
+ # * `METHOD`\: The HTTP method, which indicated the type of operation
905
+ # that the request is asking the origin to perform. Amazon
906
+ # CloudFront supports the following methods: `DELETE`, `GET`,
907
+ # `HEAD`, `OPTIONS`, `PATCH`, `POST`, and `PUT`.
908
+ #
909
+ # * `QUERY_STRING`\: A query string, which is the part of a URL that
910
+ # appears after a `?` character, if any.
911
+ #
912
+ # * `URI`\: The part of a web request that identifies a resource, for
913
+ # example, `/images/daily-ad.jpg`.
914
+ #
915
+ # * `BODY`\: The part of a request that contains any additional data
916
+ # that you want to send to your web server as the HTTP request body,
917
+ # such as data from a form. The request body immediately follows the
918
+ # request headers. Note that only the first `8192` bytes of the
919
+ # request body are forwarded to AWS WAF for inspection. To allow or
920
+ # block requests based on the length of the body, you can create a
921
+ # size constraint set. For more information, see
922
+ # CreateSizeConstraintSet.
923
+ # @return [String]
924
+ #
925
+ # @!attribute [rw] data
926
+ # When the value of `Type` is `HEADER`, enter the name of the header
927
+ # that you want AWS WAF to search, for example, `User-Agent` or
928
+ # `Referer`. If the value of `Type` is any other value, omit `Data`.
929
+ #
930
+ # The name of the header is not case sensitive.
931
+ # @return [String]
932
+ class FieldToMatch < Struct.new(
933
+ :type,
934
+ :data)
935
+ include Aws::Structure
936
+ end
937
+
938
+ # @note When making an API call, pass GetByteMatchSetRequest
939
+ # data as a hash:
940
+ #
941
+ # {
942
+ # byte_match_set_id: "ResourceId", # required
943
+ # }
944
+ # @!attribute [rw] byte_match_set_id
945
+ # The `ByteMatchSetId` of the ByteMatchSet that you want to get.
946
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
947
+ # ListByteMatchSets.
948
+ # @return [String]
949
+ class GetByteMatchSetRequest < Struct.new(
950
+ :byte_match_set_id)
951
+ include Aws::Structure
952
+ end
953
+
954
+ # @!attribute [rw] byte_match_set
955
+ # Information about the ByteMatchSet that you specified in the
956
+ # `GetByteMatchSet` request. For more information, see the following
957
+ # topics:
958
+ #
959
+ # * ByteMatchSet: Contains `ByteMatchSetId`, `ByteMatchTuples`, and
960
+ # `Name`
961
+ #
962
+ # * `ByteMatchTuples`\: Contains an array of ByteMatchTuple objects.
963
+ # Each `ByteMatchTuple` object contains FieldToMatch,
964
+ # `PositionalConstraint`, `TargetString`, and `TextTransformation`
965
+ #
966
+ # * FieldToMatch: Contains `Data` and `Type`
967
+ # @return [Types::ByteMatchSet]
968
+ class GetByteMatchSetResponse < Struct.new(
969
+ :byte_match_set)
970
+ include Aws::Structure
971
+ end
972
+
973
+ # @api private
974
+ class GetChangeTokenRequest < Aws::EmptyStructure; end
975
+
976
+ # @!attribute [rw] change_token
977
+ # The `ChangeToken` that you used in the request. Use this value in a
978
+ # `GetChangeTokenStatus` request to get the current status of the
979
+ # request.
980
+ # @return [String]
981
+ class GetChangeTokenResponse < Struct.new(
982
+ :change_token)
983
+ include Aws::Structure
984
+ end
985
+
986
+ # @note When making an API call, pass GetChangeTokenStatusRequest
987
+ # data as a hash:
988
+ #
989
+ # {
990
+ # change_token: "ChangeToken", # required
991
+ # }
992
+ # @!attribute [rw] change_token
993
+ # The change token for which you want to get the status. This change
994
+ # token was previously returned in the `GetChangeToken` response.
995
+ # @return [String]
996
+ class GetChangeTokenStatusRequest < Struct.new(
997
+ :change_token)
998
+ include Aws::Structure
999
+ end
1000
+
1001
+ # @!attribute [rw] change_token_status
1002
+ # The status of the change token.
1003
+ # @return [String]
1004
+ class GetChangeTokenStatusResponse < Struct.new(
1005
+ :change_token_status)
1006
+ include Aws::Structure
1007
+ end
1008
+
1009
+ # @note When making an API call, pass GetIPSetRequest
1010
+ # data as a hash:
1011
+ #
1012
+ # {
1013
+ # ip_set_id: "ResourceId", # required
1014
+ # }
1015
+ # @!attribute [rw] ip_set_id
1016
+ # The `IPSetId` of the IPSet that you want to get. `IPSetId` is
1017
+ # returned by CreateIPSet and by ListIPSets.
1018
+ # @return [String]
1019
+ class GetIPSetRequest < Struct.new(
1020
+ :ip_set_id)
1021
+ include Aws::Structure
1022
+ end
1023
+
1024
+ # @!attribute [rw] ip_set
1025
+ # Information about the IPSet that you specified in the `GetIPSet`
1026
+ # request. For more information, see the following topics:
1027
+ #
1028
+ # * IPSet: Contains `IPSetDescriptors`, `IPSetId`, and `Name`
1029
+ #
1030
+ # * `IPSetDescriptors`\: Contains an array of IPSetDescriptor objects.
1031
+ # Each `IPSetDescriptor` object contains `Type` and `Value`
1032
+ # @return [Types::IPSet]
1033
+ class GetIPSetResponse < Struct.new(
1034
+ :ip_set)
1035
+ include Aws::Structure
1036
+ end
1037
+
1038
+ # @note When making an API call, pass GetRuleRequest
1039
+ # data as a hash:
1040
+ #
1041
+ # {
1042
+ # rule_id: "ResourceId", # required
1043
+ # }
1044
+ # @!attribute [rw] rule_id
1045
+ # The `RuleId` of the Rule that you want to get. `RuleId` is returned
1046
+ # by CreateRule and by ListRules.
1047
+ # @return [String]
1048
+ class GetRuleRequest < Struct.new(
1049
+ :rule_id)
1050
+ include Aws::Structure
1051
+ end
1052
+
1053
+ # @!attribute [rw] rule
1054
+ # Information about the Rule that you specified in the `GetRule`
1055
+ # request. For more information, see the following topics:
1056
+ #
1057
+ # * Rule: Contains `MetricName`, `Name`, an array of `Predicate`
1058
+ # objects, and `RuleId`
1059
+ #
1060
+ # * Predicate: Each `Predicate` object contains `DataId`, `Negated`,
1061
+ # and `Type`
1062
+ # @return [Types::Rule]
1063
+ class GetRuleResponse < Struct.new(
1064
+ :rule)
1065
+ include Aws::Structure
1066
+ end
1067
+
1068
+ # @note When making an API call, pass GetSampledRequestsRequest
1069
+ # data as a hash:
1070
+ #
1071
+ # {
1072
+ # web_acl_id: "ResourceId", # required
1073
+ # rule_id: "ResourceId", # required
1074
+ # time_window: { # required
1075
+ # start_time: Time.now, # required
1076
+ # end_time: Time.now, # required
1077
+ # },
1078
+ # max_items: 1, # required
1079
+ # }
1080
+ # @!attribute [rw] web_acl_id
1081
+ # The `WebACLId` of the `WebACL` for which you want
1082
+ # `GetSampledRequests` to return a sample of requests.
1083
+ # @return [String]
1084
+ #
1085
+ # @!attribute [rw] rule_id
1086
+ # `RuleId` is one of two values:
1087
+ #
1088
+ # * The `RuleId` of the `Rule` for which you want `GetSampledRequests`
1089
+ # to return a sample of requests.
1090
+ #
1091
+ # * `Default_Action`, which causes `GetSampledRequests` to return a
1092
+ # sample of the requests that didn't match any of the rules in the
1093
+ # specified `WebACL`.
1094
+ # @return [String]
1095
+ #
1096
+ # @!attribute [rw] time_window
1097
+ # The start date and time and the end date and time of the range for
1098
+ # which you want `GetSampledRequests` to return a sample of requests.
1099
+ # Specify the date and time in Unix time format (in seconds). You can
1100
+ # specify any time range in the previous three hours.
1101
+ # @return [Types::TimeWindow]
1102
+ #
1103
+ # @!attribute [rw] max_items
1104
+ # The number of requests that you want AWS WAF to return from among
1105
+ # the first 5,000 requests that your AWS resource received during the
1106
+ # time range. If your resource received fewer requests than the value
1107
+ # of `MaxItems`, `GetSampledRequests` returns information about all of
1108
+ # them.
1109
+ # @return [Integer]
1110
+ class GetSampledRequestsRequest < Struct.new(
1111
+ :web_acl_id,
1112
+ :rule_id,
1113
+ :time_window,
1114
+ :max_items)
1115
+ include Aws::Structure
1116
+ end
1117
+
1118
+ # @!attribute [rw] sampled_requests
1119
+ # A complex type that contains detailed information about each of the
1120
+ # requests in the sample.
1121
+ # @return [Array<Types::SampledHTTPRequest>]
1122
+ #
1123
+ # @!attribute [rw] population_size
1124
+ # The total number of requests from which `GetSampledRequests` got a
1125
+ # sample of `MaxItems` requests. If `PopulationSize` is less than
1126
+ # `MaxItems`, the sample includes every request that your AWS resource
1127
+ # received during the specified time range.
1128
+ # @return [Integer]
1129
+ #
1130
+ # @!attribute [rw] time_window
1131
+ # Usually, `TimeWindow` is the time range that you specified in the
1132
+ # `GetSampledRequests` request. However, if your AWS resource received
1133
+ # more than 5,000 requests during the time range that you specified in
1134
+ # the request, `GetSampledRequests` returns the time range for the
1135
+ # first 5,000 requests.
1136
+ # @return [Types::TimeWindow]
1137
+ class GetSampledRequestsResponse < Struct.new(
1138
+ :sampled_requests,
1139
+ :population_size,
1140
+ :time_window)
1141
+ include Aws::Structure
1142
+ end
1143
+
1144
+ # @note When making an API call, pass GetSizeConstraintSetRequest
1145
+ # data as a hash:
1146
+ #
1147
+ # {
1148
+ # size_constraint_set_id: "ResourceId", # required
1149
+ # }
1150
+ # @!attribute [rw] size_constraint_set_id
1151
+ # The `SizeConstraintSetId` of the SizeConstraintSet that you want to
1152
+ # get. `SizeConstraintSetId` is returned by CreateSizeConstraintSet
1153
+ # and by ListSizeConstraintSets.
1154
+ # @return [String]
1155
+ class GetSizeConstraintSetRequest < Struct.new(
1156
+ :size_constraint_set_id)
1157
+ include Aws::Structure
1158
+ end
1159
+
1160
+ # @!attribute [rw] size_constraint_set
1161
+ # Information about the SizeConstraintSet that you specified in the
1162
+ # `GetSizeConstraintSet` request. For more information, see the
1163
+ # following topics:
1164
+ #
1165
+ # * SizeConstraintSet: Contains `SizeConstraintSetId`,
1166
+ # `SizeConstraints`, and `Name`
1167
+ #
1168
+ # * `SizeConstraints`\: Contains an array of SizeConstraint objects.
1169
+ # Each `SizeConstraint` object contains FieldToMatch,
1170
+ # `TextTransformation`, `ComparisonOperator`, and `Size`
1171
+ #
1172
+ # * FieldToMatch: Contains `Data` and `Type`
1173
+ # @return [Types::SizeConstraintSet]
1174
+ class GetSizeConstraintSetResponse < Struct.new(
1175
+ :size_constraint_set)
1176
+ include Aws::Structure
1177
+ end
1178
+
1179
+ # A request to get a SqlInjectionMatchSet.
1180
+ # @note When making an API call, pass GetSqlInjectionMatchSetRequest
1181
+ # data as a hash:
1182
+ #
1183
+ # {
1184
+ # sql_injection_match_set_id: "ResourceId", # required
1185
+ # }
1186
+ # @!attribute [rw] sql_injection_match_set_id
1187
+ # The `SqlInjectionMatchSetId` of the SqlInjectionMatchSet that you
1188
+ # want to get. `SqlInjectionMatchSetId` is returned by
1189
+ # CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.
1190
+ # @return [String]
1191
+ class GetSqlInjectionMatchSetRequest < Struct.new(
1192
+ :sql_injection_match_set_id)
1193
+ include Aws::Structure
1194
+ end
1195
+
1196
+ # The response to a GetSqlInjectionMatchSet request.
1197
+ # @!attribute [rw] sql_injection_match_set
1198
+ # Information about the SqlInjectionMatchSet that you specified in the
1199
+ # `GetSqlInjectionMatchSet` request. For more information, see the
1200
+ # following topics:
1201
+ #
1202
+ # * SqlInjectionMatchSet: Contains `Name`, `SqlInjectionMatchSetId`,
1203
+ # and an array of `SqlInjectionMatchTuple` objects
1204
+ #
1205
+ # * SqlInjectionMatchTuple: Each `SqlInjectionMatchTuple` object
1206
+ # contains `FieldToMatch` and `TextTransformation`
1207
+ #
1208
+ # * FieldToMatch: Contains `Data` and `Type`
1209
+ # @return [Types::SqlInjectionMatchSet]
1210
+ class GetSqlInjectionMatchSetResponse < Struct.new(
1211
+ :sql_injection_match_set)
1212
+ include Aws::Structure
1213
+ end
1214
+
1215
+ # @note When making an API call, pass GetWebACLRequest
1216
+ # data as a hash:
1217
+ #
1218
+ # {
1219
+ # web_acl_id: "ResourceId", # required
1220
+ # }
1221
+ # @!attribute [rw] web_acl_id
1222
+ # The `WebACLId` of the WebACL that you want to get. `WebACLId` is
1223
+ # returned by CreateWebACL and by ListWebACLs.
1224
+ # @return [String]
1225
+ class GetWebACLRequest < Struct.new(
1226
+ :web_acl_id)
1227
+ include Aws::Structure
1228
+ end
1229
+
1230
+ # @!attribute [rw] web_acl
1231
+ # Information about the WebACL that you specified in the `GetWebACL`
1232
+ # request. For more information, see the following topics:
1233
+ #
1234
+ # * WebACL: Contains `DefaultAction`, `MetricName`, `Name`, an array
1235
+ # of `Rule` objects, and `WebACLId`
1236
+ #
1237
+ # * `DefaultAction` (Data type is WafAction): Contains `Type`
1238
+ #
1239
+ # * `Rules`\: Contains an array of `ActivatedRule` objects, which
1240
+ # contain `Action`, `Priority`, and `RuleId`
1241
+ #
1242
+ # * `Action`\: Contains `Type`
1243
+ # @return [Types::WebACL]
1244
+ class GetWebACLResponse < Struct.new(
1245
+ :web_acl)
1246
+ include Aws::Structure
1247
+ end
1248
+
1249
+ # A request to get an XssMatchSet.
1250
+ # @note When making an API call, pass GetXssMatchSetRequest
1251
+ # data as a hash:
1252
+ #
1253
+ # {
1254
+ # xss_match_set_id: "ResourceId", # required
1255
+ # }
1256
+ # @!attribute [rw] xss_match_set_id
1257
+ # The `XssMatchSetId` of the XssMatchSet that you want to get.
1258
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
1259
+ # ListXssMatchSets.
1260
+ # @return [String]
1261
+ class GetXssMatchSetRequest < Struct.new(
1262
+ :xss_match_set_id)
1263
+ include Aws::Structure
1264
+ end
1265
+
1266
+ # The response to a GetXssMatchSet request.
1267
+ # @!attribute [rw] xss_match_set
1268
+ # Information about the XssMatchSet that you specified in the
1269
+ # `GetXssMatchSet` request. For more information, see the following
1270
+ # topics:
1271
+ #
1272
+ # * XssMatchSet: Contains `Name`, `XssMatchSetId`, and an array of
1273
+ # `XssMatchTuple` objects
1274
+ #
1275
+ # * XssMatchTuple: Each `XssMatchTuple` object contains `FieldToMatch`
1276
+ # and `TextTransformation`
1277
+ #
1278
+ # * FieldToMatch: Contains `Data` and `Type`
1279
+ # @return [Types::XssMatchSet]
1280
+ class GetXssMatchSetResponse < Struct.new(
1281
+ :xss_match_set)
1282
+ include Aws::Structure
1283
+ end
1284
+
1285
+ # The response from a GetSampledRequests request includes an
1286
+ # `HTTPHeader` complex type that appears as `Headers` in the response
1287
+ # syntax. `HTTPHeader` contains the names and values of all of the
1288
+ # headers that appear in one of the web requests that were returned by
1289
+ # `GetSampledRequests`.
1290
+ # @!attribute [rw] name
1291
+ # The name of one of the headers in the sampled web request.
1292
+ # @return [String]
1293
+ #
1294
+ # @!attribute [rw] value
1295
+ # The value of one of the headers in the sampled web request.
1296
+ # @return [String]
1297
+ class HTTPHeader < Struct.new(
1298
+ :name,
1299
+ :value)
1300
+ include Aws::Structure
1301
+ end
1302
+
1303
+ # The response from a GetSampledRequests request includes an
1304
+ # `HTTPRequest` complex type that appears as `Request` in the response
1305
+ # syntax. `HTTPRequest` contains information about one of the web
1306
+ # requests that were returned by `GetSampledRequests`.
1307
+ # @!attribute [rw] client_ip
1308
+ # The IP address that the request originated from. If the `WebACL` is
1309
+ # associated with a CloudFront distribution, this is the value of one
1310
+ # of the following fields in CloudFront access logs:
1311
+ #
1312
+ # * `c-ip`, if the viewer did not use an HTTP proxy or a load balancer
1313
+ # to send the request
1314
+ #
1315
+ # * `x-forwarded-for`, if the viewer did use an HTTP proxy or a load
1316
+ # balancer to send the request
1317
+ # @return [String]
1318
+ #
1319
+ # @!attribute [rw] country
1320
+ # The two-letter country code for the country that the request
1321
+ # originated from. For a current list of country codes, see the
1322
+ # Wikipedia entry [ISO 3166-1 alpha-2][1].
1323
+ #
1324
+ #
1325
+ #
1326
+ # [1]: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
1327
+ # @return [String]
1328
+ #
1329
+ # @!attribute [rw] uri
1330
+ # The part of a web request that identifies the resource, for example,
1331
+ # `/images/daily-ad.jpg`.
1332
+ # @return [String]
1333
+ #
1334
+ # @!attribute [rw] method
1335
+ # The HTTP method specified in the sampled web request. CloudFront
1336
+ # supports the following methods: `DELETE`, `GET`, `HEAD`, `OPTIONS`,
1337
+ # `PATCH`, `POST`, and `PUT`.
1338
+ # @return [String]
1339
+ #
1340
+ # @!attribute [rw] http_version
1341
+ # The HTTP version specified in the sampled web request, for example,
1342
+ # `HTTP/1.1`.
1343
+ # @return [String]
1344
+ #
1345
+ # @!attribute [rw] headers
1346
+ # A complex type that contains two values for each header in the
1347
+ # sampled web request: the name of the header and the value of the
1348
+ # header.
1349
+ # @return [Array<Types::HTTPHeader>]
1350
+ class HTTPRequest < Struct.new(
1351
+ :client_ip,
1352
+ :country,
1353
+ :uri,
1354
+ :method,
1355
+ :http_version,
1356
+ :headers)
1357
+ include Aws::Structure
1358
+ end
1359
+
1360
+ # Contains one or more IP addresses or blocks of IP addresses specified
1361
+ # in Classless Inter-Domain Routing (CIDR) notation. To specify an
1362
+ # individual IP address, you specify the four-part IP address followed
1363
+ # by a `/32`, for example, 192.0.2.0/31. To block a range of IP
1364
+ # addresses, you can specify a `/24`, a `/16`, or a `/8` CIDR. For more
1365
+ # information about CIDR notation, perform an Internet search on `cidr
1366
+ # notation`.
1367
+ # @!attribute [rw] ip_set_id
1368
+ # The `IPSetId` for an `IPSet`. You use `IPSetId` to get information
1369
+ # about an `IPSet` (see GetIPSet), update an `IPSet` (see
1370
+ # UpdateIPSet), insert an `IPSet` into a `Rule` or delete one from a
1371
+ # `Rule` (see UpdateRule), and delete an `IPSet` from AWS WAF (see
1372
+ # DeleteIPSet).
1373
+ #
1374
+ # `IPSetId` is returned by CreateIPSet and by ListIPSets.
1375
+ # @return [String]
1376
+ #
1377
+ # @!attribute [rw] name
1378
+ # A friendly name or description of the IPSet. You can't change the
1379
+ # name of an `IPSet` after you create it.
1380
+ # @return [String]
1381
+ #
1382
+ # @!attribute [rw] ip_set_descriptors
1383
+ # The IP address type (`IPV4`) and the IP address range (in CIDR
1384
+ # notation) that web requests originate from. If the `WebACL` is
1385
+ # associated with a CloudFront distribution, this is the value of one
1386
+ # of the following fields in CloudFront access logs:
1387
+ #
1388
+ # * `c-ip`, if the viewer did not use an HTTP proxy or a load balancer
1389
+ # to send the request
1390
+ #
1391
+ # * `x-forwarded-for`, if the viewer did use an HTTP proxy or a load
1392
+ # balancer to send the request
1393
+ # @return [Array<Types::IPSetDescriptor>]
1394
+ class IPSet < Struct.new(
1395
+ :ip_set_id,
1396
+ :name,
1397
+ :ip_set_descriptors)
1398
+ include Aws::Structure
1399
+ end
1400
+
1401
+ # Specifies the IP address type (`IPV4`) and the IP address range (in
1402
+ # CIDR format) that web requests originate from.
1403
+ # @note When making an API call, pass IPSetDescriptor
1404
+ # data as a hash:
1405
+ #
1406
+ # {
1407
+ # type: "IPV4", # required, accepts IPV4, IPV6
1408
+ # value: "IPSetDescriptorValue", # required
1409
+ # }
1410
+ # @!attribute [rw] type
1411
+ # Specify `IPV4`.
1412
+ # @return [String]
1413
+ #
1414
+ # @!attribute [rw] value
1415
+ # Specify an IPv4 address by using CIDR notation. For example:
1416
+ #
1417
+ # * To configure AWS WAF to allow, block, or count requests that
1418
+ # originated from the IP address 192.0.2.44, specify
1419
+ # `192.0.2.44/32`.
1420
+ #
1421
+ # * To configure AWS WAF to allow, block, or count requests that
1422
+ # originated from IP addresses from 192.0.2.0 to 192.0.2.255,
1423
+ # specify `192.0.2.0/24`.
1424
+ #
1425
+ # AWS WAF supports only /8, /16, /24, and /32 IP addresses.
1426
+ #
1427
+ # For more information about CIDR notation, see the Wikipedia entry
1428
+ # [Classless Inter-Domain Routing][1].
1429
+ #
1430
+ #
1431
+ #
1432
+ # [1]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
1433
+ # @return [String]
1434
+ class IPSetDescriptor < Struct.new(
1435
+ :type,
1436
+ :value)
1437
+ include Aws::Structure
1438
+ end
1439
+
1440
+ # Contains the identifier and the name of the `IPSet`.
1441
+ # @!attribute [rw] ip_set_id
1442
+ # The `IPSetId` for an IPSet. You can use `IPSetId` in a GetIPSet
1443
+ # request to get detailed information about an IPSet.
1444
+ # @return [String]
1445
+ #
1446
+ # @!attribute [rw] name
1447
+ # A friendly name or description of the IPSet. You can't change the
1448
+ # name of an `IPSet` after you create it.
1449
+ # @return [String]
1450
+ class IPSetSummary < Struct.new(
1451
+ :ip_set_id,
1452
+ :name)
1453
+ include Aws::Structure
1454
+ end
1455
+
1456
+ # Specifies the type of update to perform to an IPSet with UpdateIPSet.
1457
+ # @note When making an API call, pass IPSetUpdate
1458
+ # data as a hash:
1459
+ #
1460
+ # {
1461
+ # action: "INSERT", # required, accepts INSERT, DELETE
1462
+ # ip_set_descriptor: { # required
1463
+ # type: "IPV4", # required, accepts IPV4, IPV6
1464
+ # value: "IPSetDescriptorValue", # required
1465
+ # },
1466
+ # }
1467
+ # @!attribute [rw] action
1468
+ # Specifies whether to insert or delete an IP address with
1469
+ # UpdateIPSet.
1470
+ # @return [String]
1471
+ #
1472
+ # @!attribute [rw] ip_set_descriptor
1473
+ # The IP address type (`IPV4`) and the IP address range (in CIDR
1474
+ # notation) that web requests originate from.
1475
+ # @return [Types::IPSetDescriptor]
1476
+ class IPSetUpdate < Struct.new(
1477
+ :action,
1478
+ :ip_set_descriptor)
1479
+ include Aws::Structure
1480
+ end
1481
+
1482
+ # @note When making an API call, pass ListByteMatchSetsRequest
1483
+ # data as a hash:
1484
+ #
1485
+ # {
1486
+ # next_marker: "NextMarker",
1487
+ # limit: 1,
1488
+ # }
1489
+ # @!attribute [rw] next_marker
1490
+ # If you specify a value for `Limit` and you have more `ByteMatchSets`
1491
+ # than the value of `Limit`, AWS WAF returns a `NextMarker` value in
1492
+ # the response that allows you to list another group of
1493
+ # `ByteMatchSets`. For the second and subsequent `ListByteMatchSets`
1494
+ # requests, specify the value of `NextMarker` from the previous
1495
+ # response to get information about another batch of `ByteMatchSets`.
1496
+ # @return [String]
1497
+ #
1498
+ # @!attribute [rw] limit
1499
+ # Specifies the number of `ByteMatchSet` objects that you want AWS WAF
1500
+ # to return for this request. If you have more `ByteMatchSets` objects
1501
+ # than the number you specify for `Limit`, the response includes a
1502
+ # `NextMarker` value that you can use to get another batch of
1503
+ # `ByteMatchSet` objects.
1504
+ # @return [Integer]
1505
+ class ListByteMatchSetsRequest < Struct.new(
1506
+ :next_marker,
1507
+ :limit)
1508
+ include Aws::Structure
1509
+ end
1510
+
1511
+ # @!attribute [rw] next_marker
1512
+ # If you have more `ByteMatchSet` objects than the number that you
1513
+ # specified for `Limit` in the request, the response includes a
1514
+ # `NextMarker` value. To list more `ByteMatchSet` objects, submit
1515
+ # another `ListByteMatchSets` request, and specify the `NextMarker`
1516
+ # value from the response in the `NextMarker` value in the next
1517
+ # request.
1518
+ # @return [String]
1519
+ #
1520
+ # @!attribute [rw] byte_match_sets
1521
+ # An array of ByteMatchSetSummary objects.
1522
+ # @return [Array<Types::ByteMatchSetSummary>]
1523
+ class ListByteMatchSetsResponse < Struct.new(
1524
+ :next_marker,
1525
+ :byte_match_sets)
1526
+ include Aws::Structure
1527
+ end
1528
+
1529
+ # @note When making an API call, pass ListIPSetsRequest
1530
+ # data as a hash:
1531
+ #
1532
+ # {
1533
+ # next_marker: "NextMarker",
1534
+ # limit: 1,
1535
+ # }
1536
+ # @!attribute [rw] next_marker
1537
+ # If you specify a value for `Limit` and you have more `IPSets` than
1538
+ # the value of `Limit`, AWS WAF returns a `NextMarker` value in the
1539
+ # response that allows you to list another group of `IPSets`. For the
1540
+ # second and subsequent `ListIPSets` requests, specify the value of
1541
+ # `NextMarker` from the previous response to get information about
1542
+ # another batch of `ByteMatchSets`.
1543
+ # @return [String]
1544
+ #
1545
+ # @!attribute [rw] limit
1546
+ # Specifies the number of `IPSet` objects that you want AWS WAF to
1547
+ # return for this request. If you have more `IPSet` objects than the
1548
+ # number you specify for `Limit`, the response includes a `NextMarker`
1549
+ # value that you can use to get another batch of `IPSet` objects.
1550
+ # @return [Integer]
1551
+ class ListIPSetsRequest < Struct.new(
1552
+ :next_marker,
1553
+ :limit)
1554
+ include Aws::Structure
1555
+ end
1556
+
1557
+ # @!attribute [rw] next_marker
1558
+ # If you have more `IPSet` objects than the number that you specified
1559
+ # for `Limit` in the request, the response includes a `NextMarker`
1560
+ # value. To list more `IPSet` objects, submit another `ListIPSets`
1561
+ # request, and specify the `NextMarker` value from the response in the
1562
+ # `NextMarker` value in the next request.
1563
+ # @return [String]
1564
+ #
1565
+ # @!attribute [rw] ip_sets
1566
+ # An array of IPSetSummary objects.
1567
+ # @return [Array<Types::IPSetSummary>]
1568
+ class ListIPSetsResponse < Struct.new(
1569
+ :next_marker,
1570
+ :ip_sets)
1571
+ include Aws::Structure
1572
+ end
1573
+
1574
+ # @note When making an API call, pass ListRulesRequest
1575
+ # data as a hash:
1576
+ #
1577
+ # {
1578
+ # next_marker: "NextMarker",
1579
+ # limit: 1,
1580
+ # }
1581
+ # @!attribute [rw] next_marker
1582
+ # If you specify a value for `Limit` and you have more `Rules` than
1583
+ # the value of `Limit`, AWS WAF returns a `NextMarker` value in the
1584
+ # response that allows you to list another group of `Rules`. For the
1585
+ # second and subsequent `ListRules` requests, specify the value of
1586
+ # `NextMarker` from the previous response to get information about
1587
+ # another batch of `Rules`.
1588
+ # @return [String]
1589
+ #
1590
+ # @!attribute [rw] limit
1591
+ # Specifies the number of `Rules` that you want AWS WAF to return for
1592
+ # this request. If you have more `Rules` than the number that you
1593
+ # specify for `Limit`, the response includes a `NextMarker` value that
1594
+ # you can use to get another batch of `Rules`.
1595
+ # @return [Integer]
1596
+ class ListRulesRequest < Struct.new(
1597
+ :next_marker,
1598
+ :limit)
1599
+ include Aws::Structure
1600
+ end
1601
+
1602
+ # @!attribute [rw] next_marker
1603
+ # If you have more `Rules` than the number that you specified for
1604
+ # `Limit` in the request, the response includes a `NextMarker` value.
1605
+ # To list more `Rules`, submit another `ListRules` request, and
1606
+ # specify the `NextMarker` value from the response in the `NextMarker`
1607
+ # value in the next request.
1608
+ # @return [String]
1609
+ #
1610
+ # @!attribute [rw] rules
1611
+ # An array of RuleSummary objects.
1612
+ # @return [Array<Types::RuleSummary>]
1613
+ class ListRulesResponse < Struct.new(
1614
+ :next_marker,
1615
+ :rules)
1616
+ include Aws::Structure
1617
+ end
1618
+
1619
+ # @note When making an API call, pass ListSizeConstraintSetsRequest
1620
+ # data as a hash:
1621
+ #
1622
+ # {
1623
+ # next_marker: "NextMarker",
1624
+ # limit: 1,
1625
+ # }
1626
+ # @!attribute [rw] next_marker
1627
+ # If you specify a value for `Limit` and you have more
1628
+ # `SizeConstraintSets` than the value of `Limit`, AWS WAF returns a
1629
+ # `NextMarker` value in the response that allows you to list another
1630
+ # group of `SizeConstraintSets`. For the second and subsequent
1631
+ # `ListSizeConstraintSets` requests, specify the value of `NextMarker`
1632
+ # from the previous response to get information about another batch of
1633
+ # `SizeConstraintSets`.
1634
+ # @return [String]
1635
+ #
1636
+ # @!attribute [rw] limit
1637
+ # Specifies the number of `SizeConstraintSet` objects that you want
1638
+ # AWS WAF to return for this request. If you have more
1639
+ # `SizeConstraintSets` objects than the number you specify for
1640
+ # `Limit`, the response includes a `NextMarker` value that you can use
1641
+ # to get another batch of `SizeConstraintSet` objects.
1642
+ # @return [Integer]
1643
+ class ListSizeConstraintSetsRequest < Struct.new(
1644
+ :next_marker,
1645
+ :limit)
1646
+ include Aws::Structure
1647
+ end
1648
+
1649
+ # @!attribute [rw] next_marker
1650
+ # If you have more `SizeConstraintSet` objects than the number that
1651
+ # you specified for `Limit` in the request, the response includes a
1652
+ # `NextMarker` value. To list more `SizeConstraintSet` objects, submit
1653
+ # another `ListSizeConstraintSets` request, and specify the
1654
+ # `NextMarker` value from the response in the `NextMarker` value in
1655
+ # the next request.
1656
+ # @return [String]
1657
+ #
1658
+ # @!attribute [rw] size_constraint_sets
1659
+ # An array of SizeConstraintSetSummary objects.
1660
+ # @return [Array<Types::SizeConstraintSetSummary>]
1661
+ class ListSizeConstraintSetsResponse < Struct.new(
1662
+ :next_marker,
1663
+ :size_constraint_sets)
1664
+ include Aws::Structure
1665
+ end
1666
+
1667
+ # A request to list the SqlInjectionMatchSet objects created by the
1668
+ # current AWS account.
1669
+ # @note When making an API call, pass ListSqlInjectionMatchSetsRequest
1670
+ # data as a hash:
1671
+ #
1672
+ # {
1673
+ # next_marker: "NextMarker",
1674
+ # limit: 1,
1675
+ # }
1676
+ # @!attribute [rw] next_marker
1677
+ # If you specify a value for `Limit` and you have more
1678
+ # SqlInjectionMatchSet objects than the value of `Limit`, AWS WAF
1679
+ # returns a `NextMarker` value in the response that allows you to list
1680
+ # another group of `SqlInjectionMatchSets`. For the second and
1681
+ # subsequent `ListSqlInjectionMatchSets` requests, specify the value
1682
+ # of `NextMarker` from the previous response to get information about
1683
+ # another batch of `SqlInjectionMatchSets`.
1684
+ # @return [String]
1685
+ #
1686
+ # @!attribute [rw] limit
1687
+ # Specifies the number of SqlInjectionMatchSet objects that you want
1688
+ # AWS WAF to return for this request. If you have more
1689
+ # `SqlInjectionMatchSet` objects than the number you specify for
1690
+ # `Limit`, the response includes a `NextMarker` value that you can use
1691
+ # to get another batch of `Rules`.
1692
+ # @return [Integer]
1693
+ class ListSqlInjectionMatchSetsRequest < Struct.new(
1694
+ :next_marker,
1695
+ :limit)
1696
+ include Aws::Structure
1697
+ end
1698
+
1699
+ # The response to a ListSqlInjectionMatchSets request.
1700
+ # @!attribute [rw] next_marker
1701
+ # If you have more SqlInjectionMatchSet objects than the number that
1702
+ # you specified for `Limit` in the request, the response includes a
1703
+ # `NextMarker` value. To list more `SqlInjectionMatchSet` objects,
1704
+ # submit another `ListSqlInjectionMatchSets` request, and specify the
1705
+ # `NextMarker` value from the response in the `NextMarker` value in
1706
+ # the next request.
1707
+ # @return [String]
1708
+ #
1709
+ # @!attribute [rw] sql_injection_match_sets
1710
+ # An array of SqlInjectionMatchSetSummary objects.
1711
+ # @return [Array<Types::SqlInjectionMatchSetSummary>]
1712
+ class ListSqlInjectionMatchSetsResponse < Struct.new(
1713
+ :next_marker,
1714
+ :sql_injection_match_sets)
1715
+ include Aws::Structure
1716
+ end
1717
+
1718
+ # @note When making an API call, pass ListWebACLsRequest
1719
+ # data as a hash:
1720
+ #
1721
+ # {
1722
+ # next_marker: "NextMarker",
1723
+ # limit: 1,
1724
+ # }
1725
+ # @!attribute [rw] next_marker
1726
+ # If you specify a value for `Limit` and you have more `WebACL`
1727
+ # objects than the number that you specify for `Limit`, AWS WAF
1728
+ # returns a `NextMarker` value in the response that allows you to list
1729
+ # another group of `WebACL` objects. For the second and subsequent
1730
+ # `ListWebACLs` requests, specify the value of `NextMarker` from the
1731
+ # previous response to get information about another batch of `WebACL`
1732
+ # objects.
1733
+ # @return [String]
1734
+ #
1735
+ # @!attribute [rw] limit
1736
+ # Specifies the number of `WebACL` objects that you want AWS WAF to
1737
+ # return for this request. If you have more `WebACL` objects than the
1738
+ # number that you specify for `Limit`, the response includes a
1739
+ # `NextMarker` value that you can use to get another batch of `WebACL`
1740
+ # objects.
1741
+ # @return [Integer]
1742
+ class ListWebACLsRequest < Struct.new(
1743
+ :next_marker,
1744
+ :limit)
1745
+ include Aws::Structure
1746
+ end
1747
+
1748
+ # @!attribute [rw] next_marker
1749
+ # If you have more `WebACL` objects than the number that you specified
1750
+ # for `Limit` in the request, the response includes a `NextMarker`
1751
+ # value. To list more `WebACL` objects, submit another `ListWebACLs`
1752
+ # request, and specify the `NextMarker` value from the response in the
1753
+ # `NextMarker` value in the next request.
1754
+ # @return [String]
1755
+ #
1756
+ # @!attribute [rw] web_acls
1757
+ # An array of WebACLSummary objects.
1758
+ # @return [Array<Types::WebACLSummary>]
1759
+ class ListWebACLsResponse < Struct.new(
1760
+ :next_marker,
1761
+ :web_acls)
1762
+ include Aws::Structure
1763
+ end
1764
+
1765
+ # A request to list the XssMatchSet objects created by the current AWS
1766
+ # account.
1767
+ # @note When making an API call, pass ListXssMatchSetsRequest
1768
+ # data as a hash:
1769
+ #
1770
+ # {
1771
+ # next_marker: "NextMarker",
1772
+ # limit: 1,
1773
+ # }
1774
+ # @!attribute [rw] next_marker
1775
+ # If you specify a value for `Limit` and you have more XssMatchSet
1776
+ # objects than the value of `Limit`, AWS WAF returns a `NextMarker`
1777
+ # value in the response that allows you to list another group of
1778
+ # `XssMatchSets`. For the second and subsequent `ListXssMatchSets`
1779
+ # requests, specify the value of `NextMarker` from the previous
1780
+ # response to get information about another batch of `XssMatchSets`.
1781
+ # @return [String]
1782
+ #
1783
+ # @!attribute [rw] limit
1784
+ # Specifies the number of XssMatchSet objects that you want AWS WAF to
1785
+ # return for this request. If you have more `XssMatchSet` objects than
1786
+ # the number you specify for `Limit`, the response includes a
1787
+ # `NextMarker` value that you can use to get another batch of `Rules`.
1788
+ # @return [Integer]
1789
+ class ListXssMatchSetsRequest < Struct.new(
1790
+ :next_marker,
1791
+ :limit)
1792
+ include Aws::Structure
1793
+ end
1794
+
1795
+ # The response to a ListXssMatchSets request.
1796
+ # @!attribute [rw] next_marker
1797
+ # If you have more XssMatchSet objects than the number that you
1798
+ # specified for `Limit` in the request, the response includes a
1799
+ # `NextMarker` value. To list more `XssMatchSet` objects, submit
1800
+ # another `ListXssMatchSets` request, and specify the `NextMarker`
1801
+ # value from the response in the `NextMarker` value in the next
1802
+ # request.
1803
+ # @return [String]
1804
+ #
1805
+ # @!attribute [rw] xss_match_sets
1806
+ # An array of XssMatchSetSummary objects.
1807
+ # @return [Array<Types::XssMatchSetSummary>]
1808
+ class ListXssMatchSetsResponse < Struct.new(
1809
+ :next_marker,
1810
+ :xss_match_sets)
1811
+ include Aws::Structure
1812
+ end
1813
+
1814
+ # Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet,
1815
+ # and SizeConstraintSet objects that you want to add to a `Rule` and,
1816
+ # for each object, indicates whether you want to negate the settings,
1817
+ # for example, requests that do NOT originate from the IP address
1818
+ # 192.0.2.44.
1819
+ # @note When making an API call, pass Predicate
1820
+ # data as a hash:
1821
+ #
1822
+ # {
1823
+ # negated: false, # required
1824
+ # type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
1825
+ # data_id: "ResourceId", # required
1826
+ # }
1827
+ # @!attribute [rw] negated
1828
+ # Set `Negated` to `False` if you want AWS WAF to allow, block, or
1829
+ # count requests based on the settings in the specified ByteMatchSet,
1830
+ # IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For
1831
+ # example, if an `IPSet` includes the IP address `192.0.2.44`, AWS WAF
1832
+ # will allow or block requests based on that IP address.
1833
+ #
1834
+ # Set `Negated` to `True` if you want AWS WAF to allow or block a
1835
+ # request based on the negation of the settings in the ByteMatchSet,
1836
+ # IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For
1837
+ # example, if an `IPSet` includes the IP address `192.0.2.44`, AWS WAF
1838
+ # will allow, block, or count requests based on all IP addresses
1839
+ # *except* `192.0.2.44`.
1840
+ # @return [Boolean]
1841
+ #
1842
+ # @!attribute [rw] type
1843
+ # The type of predicate in a `Rule`, such as `ByteMatchSet` or
1844
+ # `IPSet`.
1845
+ # @return [String]
1846
+ #
1847
+ # @!attribute [rw] data_id
1848
+ # A unique identifier for a predicate in a `Rule`, such as
1849
+ # `ByteMatchSetId` or `IPSetId`. The ID is returned by the
1850
+ # corresponding `Create` or `List` command.
1851
+ # @return [String]
1852
+ class Predicate < Struct.new(
1853
+ :negated,
1854
+ :type,
1855
+ :data_id)
1856
+ include Aws::Structure
1857
+ end
1858
+
1859
+ # A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet
1860
+ # objects that identify the web requests that you want to allow, block,
1861
+ # or count. For example, you might create a `Rule` that includes the
1862
+ # following predicates:
1863
+ #
1864
+ # * An `IPSet` that causes AWS WAF to search for web requests that
1865
+ # originate from the IP address `192.0.2.44`
1866
+ #
1867
+ # * A `ByteMatchSet` that causes AWS WAF to search for web requests for
1868
+ # which the value of the `User-Agent` header is `BadBot`.
1869
+ #
1870
+ # To match the settings in this `Rule`, a request must originate from
1871
+ # `192.0.2.44` AND include a `User-Agent` header for which the value is
1872
+ # `BadBot`.
1873
+ # @!attribute [rw] rule_id
1874
+ # A unique identifier for a `Rule`. You use `RuleId` to get more
1875
+ # information about a `Rule` (see GetRule), update a `Rule` (see
1876
+ # UpdateRule), insert a `Rule` into a `WebACL` or delete a one from a
1877
+ # `WebACL` (see UpdateWebACL), or delete a `Rule` from AWS WAF (see
1878
+ # DeleteRule).
1879
+ #
1880
+ # `RuleId` is returned by CreateRule and by ListRules.
1881
+ # @return [String]
1882
+ #
1883
+ # @!attribute [rw] name
1884
+ # The friendly name or description for the `Rule`. You can't change
1885
+ # the name of a `Rule` after you create it.
1886
+ # @return [String]
1887
+ #
1888
+ # @!attribute [rw] metric_name
1889
+ # @return [String]
1890
+ #
1891
+ # @!attribute [rw] predicates
1892
+ # The `Predicates` object contains one `Predicate` element for each
1893
+ # ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to
1894
+ # include in a `Rule`.
1895
+ # @return [Array<Types::Predicate>]
1896
+ class Rule < Struct.new(
1897
+ :rule_id,
1898
+ :name,
1899
+ :metric_name,
1900
+ :predicates)
1901
+ include Aws::Structure
1902
+ end
1903
+
1904
+ # Contains the identifier and the friendly name or description of the
1905
+ # `Rule`.
1906
+ # @!attribute [rw] rule_id
1907
+ # A unique identifier for a `Rule`. You use `RuleId` to get more
1908
+ # information about a `Rule` (see GetRule), update a `Rule` (see
1909
+ # UpdateRule), insert a `Rule` into a `WebACL` or delete one from a
1910
+ # `WebACL` (see UpdateWebACL), or delete a `Rule` from AWS WAF (see
1911
+ # DeleteRule).
1912
+ #
1913
+ # `RuleId` is returned by CreateRule and by ListRules.
1914
+ # @return [String]
1915
+ #
1916
+ # @!attribute [rw] name
1917
+ # A friendly name or description of the Rule. You can't change the
1918
+ # name of a `Rule` after you create it.
1919
+ # @return [String]
1920
+ class RuleSummary < Struct.new(
1921
+ :rule_id,
1922
+ :name)
1923
+ include Aws::Structure
1924
+ end
1925
+
1926
+ # Specifies a `Predicate` (such as an `IPSet`) and indicates whether you
1927
+ # want to add it to a `Rule` or delete it from a `Rule`.
1928
+ # @note When making an API call, pass RuleUpdate
1929
+ # data as a hash:
1930
+ #
1931
+ # {
1932
+ # action: "INSERT", # required, accepts INSERT, DELETE
1933
+ # predicate: { # required
1934
+ # negated: false, # required
1935
+ # type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
1936
+ # data_id: "ResourceId", # required
1937
+ # },
1938
+ # }
1939
+ # @!attribute [rw] action
1940
+ # Specify `INSERT` to add a `Predicate` to a `Rule`. Use `DELETE` to
1941
+ # remove a `Predicate` from a `Rule`.
1942
+ # @return [String]
1943
+ #
1944
+ # @!attribute [rw] predicate
1945
+ # The ID of the `Predicate` (such as an `IPSet`) that you want to add
1946
+ # to a `Rule`.
1947
+ # @return [Types::Predicate]
1948
+ class RuleUpdate < Struct.new(
1949
+ :action,
1950
+ :predicate)
1951
+ include Aws::Structure
1952
+ end
1953
+
1954
+ # The response from a GetSampledRequests request includes a
1955
+ # `SampledHTTPRequests` complex type that appears as `SampledRequests`
1956
+ # in the response syntax. `SampledHTTPRequests` contains one
1957
+ # `SampledHTTPRequest` object for each web request that is returned by
1958
+ # `GetSampledRequests`.
1959
+ # @!attribute [rw] request
1960
+ # A complex type that contains detailed information about the request.
1961
+ # @return [Types::HTTPRequest]
1962
+ #
1963
+ # @!attribute [rw] weight
1964
+ # A value that indicates how one result in the response relates
1965
+ # proportionally to other results in the response. A result that has a
1966
+ # weight of `2` represents roughly twice as many CloudFront web
1967
+ # requests as a result that has a weight of `1`.
1968
+ # @return [Integer]
1969
+ #
1970
+ # @!attribute [rw] timestamp
1971
+ # The time at which AWS WAF received the request from your AWS
1972
+ # resource, in Unix time format (in seconds).
1973
+ # @return [Time]
1974
+ #
1975
+ # @!attribute [rw] action
1976
+ # The action for the `Rule` that the request matched: `ALLOW`,
1977
+ # `BLOCK`, or `COUNT`.
1978
+ # @return [String]
1979
+ class SampledHTTPRequest < Struct.new(
1980
+ :request,
1981
+ :weight,
1982
+ :timestamp,
1983
+ :action)
1984
+ include Aws::Structure
1985
+ end
1986
+
1987
+ # Specifies a constraint on the size of a part of the web request. AWS
1988
+ # WAF uses the `Size`, `ComparisonOperator`, and `FieldToMatch` to build
1989
+ # an expression in the form of "`Size` `ComparisonOperator` size in
1990
+ # bytes of `FieldToMatch`". If that expression is true, the
1991
+ # `SizeConstraint` is considered to match.
1992
+ # @note When making an API call, pass SizeConstraint
1993
+ # data as a hash:
1994
+ #
1995
+ # {
1996
+ # field_to_match: { # required
1997
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
1998
+ # data: "MatchFieldData",
1999
+ # },
2000
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2001
+ # comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
2002
+ # size: 1, # required
2003
+ # }
2004
+ # @!attribute [rw] field_to_match
2005
+ # Specifies where in a web request to look for `TargetString`.
2006
+ # @return [Types::FieldToMatch]
2007
+ #
2008
+ # @!attribute [rw] text_transformation
2009
+ # Text transformations eliminate some of the unusual formatting that
2010
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
2011
+ # specify a transformation, AWS WAF performs the transformation on
2012
+ # `FieldToMatch` before inspecting a request for a match.
2013
+ #
2014
+ # Note that if you choose `BODY` for the value of `Type`, you must
2015
+ # choose `NONE` for `TextTransformation` because CloudFront forwards
2016
+ # only the first 8192 bytes for inspection.
2017
+ #
2018
+ # **NONE**
2019
+ #
2020
+ # Specify `NONE` if you don't want to perform any text
2021
+ # transformations.
2022
+ #
2023
+ # **CMD\_LINE**
2024
+ #
2025
+ # When you're concerned that attackers are injecting an operating
2026
+ # system command line command and using unusual formatting to disguise
2027
+ # some or all of the command, use this option to perform the following
2028
+ # transformations:
2029
+ #
2030
+ # * Delete the following characters: \\ " ' ^
2031
+ #
2032
+ # * Delete spaces before the following characters: / (
2033
+ #
2034
+ # * Replace the following characters with a space: , ;
2035
+ #
2036
+ # * Replace multiple spaces with one space
2037
+ #
2038
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
2039
+ #
2040
+ # **COMPRESS\_WHITE\_SPACE**
2041
+ #
2042
+ # Use this option to replace the following characters with a space
2043
+ # character (decimal 32):
2044
+ #
2045
+ # * \\f, formfeed, decimal 12
2046
+ #
2047
+ # * \\t, tab, decimal 9
2048
+ #
2049
+ # * \\n, newline, decimal 10
2050
+ #
2051
+ # * \\r, carriage return, decimal 13
2052
+ #
2053
+ # * \\v, vertical tab, decimal 11
2054
+ #
2055
+ # * non-breaking space, decimal 160
2056
+ #
2057
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
2058
+ #
2059
+ # **HTML\_ENTITY\_DECODE**
2060
+ #
2061
+ # Use this option to replace HTML-encoded characters with unencoded
2062
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
2063
+ #
2064
+ # * Replaces `(ampersand)quot;` with `"`
2065
+ #
2066
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
2067
+ #
2068
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
2069
+ #
2070
+ # * Replaces `(ampersand)gt;` with `>`
2071
+ #
2072
+ # * Replaces characters that are represented in hexadecimal format,
2073
+ # `(ampersand)#xhhhh;`, with the corresponding characters
2074
+ #
2075
+ # * Replaces characters that are represented in decimal format,
2076
+ # `(ampersand)#nnnn;`, with the corresponding characters
2077
+ #
2078
+ # **LOWERCASE**
2079
+ #
2080
+ # Use this option to convert uppercase letters (A-Z) to lowercase
2081
+ # (a-z).
2082
+ #
2083
+ # **URL\_DECODE**
2084
+ #
2085
+ # Use this option to decode a URL-encoded value.
2086
+ # @return [String]
2087
+ #
2088
+ # @!attribute [rw] comparison_operator
2089
+ # The type of comparison you want AWS WAF to perform. AWS WAF uses
2090
+ # this in combination with the provided `Size` and `FieldToMatch` to
2091
+ # build an expression in the form of "`Size` `ComparisonOperator`
2092
+ # size in bytes of `FieldToMatch`". If that expression is true, the
2093
+ # `SizeConstraint` is considered to match.
2094
+ #
2095
+ # **EQ**\: Used to test if the `Size` is equal to the size of the
2096
+ # `FieldToMatch`
2097
+ #
2098
+ # **NE**\: Used to test if the `Size` is not equal to the size of the
2099
+ # `FieldToMatch`
2100
+ #
2101
+ # **LE**\: Used to test if the `Size` is less than or equal to the
2102
+ # size of the `FieldToMatch`
2103
+ #
2104
+ # **LT**\: Used to test if the `Size` is strictly less than the size
2105
+ # of the `FieldToMatch`
2106
+ #
2107
+ # **GE**\: Used to test if the `Size` is greater than or equal to the
2108
+ # size of the `FieldToMatch`
2109
+ #
2110
+ # **GT**\: Used to test if the `Size` is strictly greater than the
2111
+ # size of the `FieldToMatch`
2112
+ # @return [String]
2113
+ #
2114
+ # @!attribute [rw] size
2115
+ # The size in bytes that you want AWS WAF to compare against the size
2116
+ # of the specified `FieldToMatch`. AWS WAF uses this in combination
2117
+ # with `ComparisonOperator` and `FieldToMatch` to build an expression
2118
+ # in the form of "`Size` `ComparisonOperator` size in bytes of
2119
+ # `FieldToMatch`". If that expression is true, the `SizeConstraint`
2120
+ # is considered to match.
2121
+ #
2122
+ # Valid values for size are 0 - 21474836480 bytes (0 - 20 GB).
2123
+ #
2124
+ # If you specify `URI` for the value of `Type`, the / in the URI
2125
+ # counts as one character. For example, the URI `/logo.jpg` is nine
2126
+ # characters long.
2127
+ # @return [Integer]
2128
+ class SizeConstraint < Struct.new(
2129
+ :field_to_match,
2130
+ :text_transformation,
2131
+ :comparison_operator,
2132
+ :size)
2133
+ include Aws::Structure
2134
+ end
2135
+
2136
+ # A complex type that contains `SizeConstraint` objects, which specify
2137
+ # the parts of web requests that you want AWS WAF to inspect the size
2138
+ # of. If a `SizeConstraintSet` contains more than one `SizeConstraint`
2139
+ # object, a request only needs to match one constraint to be considered
2140
+ # a match.
2141
+ # @!attribute [rw] size_constraint_set_id
2142
+ # A unique identifier for a `SizeConstraintSet`. You use
2143
+ # `SizeConstraintSetId` to get information about a `SizeConstraintSet`
2144
+ # (see GetSizeConstraintSet), update a `SizeConstraintSet` (see
2145
+ # UpdateSizeConstraintSet), insert a `SizeConstraintSet` into a `Rule`
2146
+ # or delete one from a `Rule` (see UpdateRule), and delete a
2147
+ # `SizeConstraintSet` from AWS WAF (see DeleteSizeConstraintSet).
2148
+ #
2149
+ # `SizeConstraintSetId` is returned by CreateSizeConstraintSet and by
2150
+ # ListSizeConstraintSets.
2151
+ # @return [String]
2152
+ #
2153
+ # @!attribute [rw] name
2154
+ # The name, if any, of the `SizeConstraintSet`.
2155
+ # @return [String]
2156
+ #
2157
+ # @!attribute [rw] size_constraints
2158
+ # Specifies the parts of web requests that you want to inspect the
2159
+ # size of.
2160
+ # @return [Array<Types::SizeConstraint>]
2161
+ class SizeConstraintSet < Struct.new(
2162
+ :size_constraint_set_id,
2163
+ :name,
2164
+ :size_constraints)
2165
+ include Aws::Structure
2166
+ end
2167
+
2168
+ # The `Id` and `Name` of a `SizeConstraintSet`.
2169
+ # @!attribute [rw] size_constraint_set_id
2170
+ # A unique identifier for a `SizeConstraintSet`. You use
2171
+ # `SizeConstraintSetId` to get information about a `SizeConstraintSet`
2172
+ # (see GetSizeConstraintSet), update a `SizeConstraintSet` (see
2173
+ # UpdateSizeConstraintSet), insert a `SizeConstraintSet` into a `Rule`
2174
+ # or delete one from a `Rule` (see UpdateRule), and delete a
2175
+ # `SizeConstraintSet` from AWS WAF (see DeleteSizeConstraintSet).
2176
+ #
2177
+ # `SizeConstraintSetId` is returned by CreateSizeConstraintSet and by
2178
+ # ListSizeConstraintSets.
2179
+ # @return [String]
2180
+ #
2181
+ # @!attribute [rw] name
2182
+ # The name of the `SizeConstraintSet`, if any.
2183
+ # @return [String]
2184
+ class SizeConstraintSetSummary < Struct.new(
2185
+ :size_constraint_set_id,
2186
+ :name)
2187
+ include Aws::Structure
2188
+ end
2189
+
2190
+ # Specifies the part of a web request that you want to inspect the size
2191
+ # of and indicates whether you want to add the specification to a
2192
+ # SizeConstraintSet or delete it from a `SizeConstraintSet`.
2193
+ # @note When making an API call, pass SizeConstraintSetUpdate
2194
+ # data as a hash:
2195
+ #
2196
+ # {
2197
+ # action: "INSERT", # required, accepts INSERT, DELETE
2198
+ # size_constraint: { # required
2199
+ # field_to_match: { # required
2200
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2201
+ # data: "MatchFieldData",
2202
+ # },
2203
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2204
+ # comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
2205
+ # size: 1, # required
2206
+ # },
2207
+ # }
2208
+ # @!attribute [rw] action
2209
+ # Specify `INSERT` to add a SizeConstraintSetUpdate to a
2210
+ # SizeConstraintSet. Use `DELETE` to remove a
2211
+ # `SizeConstraintSetUpdate` from a `SizeConstraintSet`.
2212
+ # @return [String]
2213
+ #
2214
+ # @!attribute [rw] size_constraint
2215
+ # Specifies a constraint on the size of a part of the web request. AWS
2216
+ # WAF uses the `Size`, `ComparisonOperator`, and `FieldToMatch` to
2217
+ # build an expression in the form of "`Size` `ComparisonOperator`
2218
+ # size in bytes of `FieldToMatch`". If that expression is true, the
2219
+ # `SizeConstraint` is considered to match.
2220
+ # @return [Types::SizeConstraint]
2221
+ class SizeConstraintSetUpdate < Struct.new(
2222
+ :action,
2223
+ :size_constraint)
2224
+ include Aws::Structure
2225
+ end
2226
+
2227
+ # A complex type that contains `SqlInjectionMatchTuple` objects, which
2228
+ # specify the parts of web requests that you want AWS WAF to inspect for
2229
+ # snippets of malicious SQL code and, if you want AWS WAF to inspect a
2230
+ # header, the name of the header. If a `SqlInjectionMatchSet` contains
2231
+ # more than one `SqlInjectionMatchTuple` object, a request needs to
2232
+ # include snippets of SQL code in only one of the specified parts of the
2233
+ # request to be considered a match.
2234
+ # @!attribute [rw] sql_injection_match_set_id
2235
+ # A unique identifier for a `SqlInjectionMatchSet`. You use
2236
+ # `SqlInjectionMatchSetId` to get information about a
2237
+ # `SqlInjectionMatchSet` (see GetSqlInjectionMatchSet), update a
2238
+ # `SqlInjectionMatchSet` (see UpdateSqlInjectionMatchSet), insert a
2239
+ # `SqlInjectionMatchSet` into a `Rule` or delete one from a `Rule`
2240
+ # (see UpdateRule), and delete a `SqlInjectionMatchSet` from AWS WAF
2241
+ # (see DeleteSqlInjectionMatchSet).
2242
+ #
2243
+ # `SqlInjectionMatchSetId` is returned by CreateSqlInjectionMatchSet
2244
+ # and by ListSqlInjectionMatchSets.
2245
+ # @return [String]
2246
+ #
2247
+ # @!attribute [rw] name
2248
+ # The name, if any, of the `SqlInjectionMatchSet`.
2249
+ # @return [String]
2250
+ #
2251
+ # @!attribute [rw] sql_injection_match_tuples
2252
+ # Specifies the parts of web requests that you want to inspect for
2253
+ # snippets of malicious SQL code.
2254
+ # @return [Array<Types::SqlInjectionMatchTuple>]
2255
+ class SqlInjectionMatchSet < Struct.new(
2256
+ :sql_injection_match_set_id,
2257
+ :name,
2258
+ :sql_injection_match_tuples)
2259
+ include Aws::Structure
2260
+ end
2261
+
2262
+ # The `Id` and `Name` of a `SqlInjectionMatchSet`.
2263
+ # @!attribute [rw] sql_injection_match_set_id
2264
+ # A unique identifier for a `SqlInjectionMatchSet`. You use
2265
+ # `SqlInjectionMatchSetId` to get information about a
2266
+ # `SqlInjectionMatchSet` (see GetSqlInjectionMatchSet), update a
2267
+ # `SqlInjectionMatchSet` (see UpdateSqlInjectionMatchSet), insert a
2268
+ # `SqlInjectionMatchSet` into a `Rule` or delete one from a `Rule`
2269
+ # (see UpdateRule), and delete a `SqlInjectionMatchSet` from AWS WAF
2270
+ # (see DeleteSqlInjectionMatchSet).
2271
+ #
2272
+ # `SqlInjectionMatchSetId` is returned by CreateSqlInjectionMatchSet
2273
+ # and by ListSqlInjectionMatchSets.
2274
+ # @return [String]
2275
+ #
2276
+ # @!attribute [rw] name
2277
+ # The name of the `SqlInjectionMatchSet`, if any, specified by `Id`.
2278
+ # @return [String]
2279
+ class SqlInjectionMatchSetSummary < Struct.new(
2280
+ :sql_injection_match_set_id,
2281
+ :name)
2282
+ include Aws::Structure
2283
+ end
2284
+
2285
+ # Specifies the part of a web request that you want to inspect for
2286
+ # snippets of malicious SQL code and indicates whether you want to add
2287
+ # the specification to a SqlInjectionMatchSet or delete it from a
2288
+ # `SqlInjectionMatchSet`.
2289
+ # @note When making an API call, pass SqlInjectionMatchSetUpdate
2290
+ # data as a hash:
2291
+ #
2292
+ # {
2293
+ # action: "INSERT", # required, accepts INSERT, DELETE
2294
+ # sql_injection_match_tuple: { # required
2295
+ # field_to_match: { # required
2296
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2297
+ # data: "MatchFieldData",
2298
+ # },
2299
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2300
+ # },
2301
+ # }
2302
+ # @!attribute [rw] action
2303
+ # Specify `INSERT` to add a SqlInjectionMatchSetUpdate to a
2304
+ # SqlInjectionMatchSet. Use `DELETE` to remove a
2305
+ # `SqlInjectionMatchSetUpdate` from a `SqlInjectionMatchSet`.
2306
+ # @return [String]
2307
+ #
2308
+ # @!attribute [rw] sql_injection_match_tuple
2309
+ # Specifies the part of a web request that you want AWS WAF to inspect
2310
+ # for snippets of malicious SQL code and, if you want AWS WAF to
2311
+ # inspect a header, the name of the header.
2312
+ # @return [Types::SqlInjectionMatchTuple]
2313
+ class SqlInjectionMatchSetUpdate < Struct.new(
2314
+ :action,
2315
+ :sql_injection_match_tuple)
2316
+ include Aws::Structure
2317
+ end
2318
+
2319
+ # Specifies the part of a web request that you want AWS WAF to inspect
2320
+ # for snippets of malicious SQL code and, if you want AWS WAF to inspect
2321
+ # a header, the name of the header.
2322
+ # @note When making an API call, pass SqlInjectionMatchTuple
2323
+ # data as a hash:
2324
+ #
2325
+ # {
2326
+ # field_to_match: { # required
2327
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2328
+ # data: "MatchFieldData",
2329
+ # },
2330
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2331
+ # }
2332
+ # @!attribute [rw] field_to_match
2333
+ # Specifies where in a web request to look for `TargetString`.
2334
+ # @return [Types::FieldToMatch]
2335
+ #
2336
+ # @!attribute [rw] text_transformation
2337
+ # Text transformations eliminate some of the unusual formatting that
2338
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
2339
+ # specify a transformation, AWS WAF performs the transformation on
2340
+ # `FieldToMatch` before inspecting a request for a match.
2341
+ #
2342
+ # **CMD\_LINE**
2343
+ #
2344
+ # When you're concerned that attackers are injecting an operating
2345
+ # system commandline command and using unusual formatting to disguise
2346
+ # some or all of the command, use this option to perform the following
2347
+ # transformations:
2348
+ #
2349
+ # * Delete the following characters: \\ " ' ^
2350
+ #
2351
+ # * Delete spaces before the following characters: / (
2352
+ #
2353
+ # * Replace the following characters with a space: , ;
2354
+ #
2355
+ # * Replace multiple spaces with one space
2356
+ #
2357
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
2358
+ #
2359
+ # **COMPRESS\_WHITE\_SPACE**
2360
+ #
2361
+ # Use this option to replace the following characters with a space
2362
+ # character (decimal 32):
2363
+ #
2364
+ # * \\f, formfeed, decimal 12
2365
+ #
2366
+ # * \\t, tab, decimal 9
2367
+ #
2368
+ # * \\n, newline, decimal 10
2369
+ #
2370
+ # * \\r, carriage return, decimal 13
2371
+ #
2372
+ # * \\v, vertical tab, decimal 11
2373
+ #
2374
+ # * non-breaking space, decimal 160
2375
+ #
2376
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
2377
+ #
2378
+ # **HTML\_ENTITY\_DECODE**
2379
+ #
2380
+ # Use this option to replace HTML-encoded characters with unencoded
2381
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
2382
+ #
2383
+ # * Replaces `(ampersand)quot;` with `"`
2384
+ #
2385
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
2386
+ #
2387
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
2388
+ #
2389
+ # * Replaces `(ampersand)gt;` with `>`
2390
+ #
2391
+ # * Replaces characters that are represented in hexadecimal format,
2392
+ # `(ampersand)#xhhhh;`, with the corresponding characters
2393
+ #
2394
+ # * Replaces characters that are represented in decimal format,
2395
+ # `(ampersand)#nnnn;`, with the corresponding characters
2396
+ #
2397
+ # **LOWERCASE**
2398
+ #
2399
+ # Use this option to convert uppercase letters (A-Z) to lowercase
2400
+ # (a-z).
2401
+ #
2402
+ # **URL\_DECODE**
2403
+ #
2404
+ # Use this option to decode a URL-encoded value.
2405
+ #
2406
+ # **NONE**
2407
+ #
2408
+ # Specify `NONE` if you don't want to perform any text
2409
+ # transformations.
2410
+ # @return [String]
2411
+ class SqlInjectionMatchTuple < Struct.new(
2412
+ :field_to_match,
2413
+ :text_transformation)
2414
+ include Aws::Structure
2415
+ end
2416
+
2417
+ # In a GetSampledRequests request, the `StartTime` and `EndTime` objects
2418
+ # specify the time range for which you want AWS WAF to return a sample
2419
+ # of web requests.
2420
+ #
2421
+ # In a GetSampledRequests response, the `StartTime` and `EndTime`
2422
+ # objects specify the time range for which AWS WAF actually returned a
2423
+ # sample of web requests. AWS WAF gets the specified number of requests
2424
+ # from among the first 5,000 requests that your AWS resource receives
2425
+ # during the specified time period. If your resource receives more than
2426
+ # 5,000 requests during that period, AWS WAF stops sampling after the
2427
+ # 5,000th request. In that case, `EndTime` is the time that AWS WAF
2428
+ # received the 5,000th request.
2429
+ # @note When making an API call, pass TimeWindow
2430
+ # data as a hash:
2431
+ #
2432
+ # {
2433
+ # start_time: Time.now, # required
2434
+ # end_time: Time.now, # required
2435
+ # }
2436
+ # @!attribute [rw] start_time
2437
+ # The beginning of the time range from which you want
2438
+ # `GetSampledRequests` to return a sample of the requests that your
2439
+ # AWS resource received. You can specify any time range in the
2440
+ # previous three hours.
2441
+ # @return [Time]
2442
+ #
2443
+ # @!attribute [rw] end_time
2444
+ # The end of the time range from which you want `GetSampledRequests`
2445
+ # to return a sample of the requests that your AWS resource received.
2446
+ # You can specify any time range in the previous three hours.
2447
+ # @return [Time]
2448
+ class TimeWindow < Struct.new(
2449
+ :start_time,
2450
+ :end_time)
2451
+ include Aws::Structure
2452
+ end
2453
+
2454
+ # @note When making an API call, pass UpdateByteMatchSetRequest
2455
+ # data as a hash:
2456
+ #
2457
+ # {
2458
+ # byte_match_set_id: "ResourceId", # required
2459
+ # change_token: "ChangeToken", # required
2460
+ # updates: [ # required
2461
+ # {
2462
+ # action: "INSERT", # required, accepts INSERT, DELETE
2463
+ # byte_match_tuple: { # required
2464
+ # field_to_match: { # required
2465
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2466
+ # data: "MatchFieldData",
2467
+ # },
2468
+ # target_string: "data", # required
2469
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2470
+ # positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
2471
+ # },
2472
+ # },
2473
+ # ],
2474
+ # }
2475
+ # @!attribute [rw] byte_match_set_id
2476
+ # The `ByteMatchSetId` of the ByteMatchSet that you want to update.
2477
+ # `ByteMatchSetId` is returned by CreateByteMatchSet and by
2478
+ # ListByteMatchSets.
2479
+ # @return [String]
2480
+ #
2481
+ # @!attribute [rw] change_token
2482
+ # The value returned by the most recent call to GetChangeToken.
2483
+ # @return [String]
2484
+ #
2485
+ # @!attribute [rw] updates
2486
+ # An array of `ByteMatchSetUpdate` objects that you want to insert
2487
+ # into or delete from a ByteMatchSet. For more information, see the
2488
+ # applicable data types:
2489
+ #
2490
+ # * ByteMatchSetUpdate: Contains `Action` and `ByteMatchTuple`
2491
+ #
2492
+ # * ByteMatchTuple: Contains `FieldToMatch`, `PositionalConstraint`,
2493
+ # `TargetString`, and `TextTransformation`
2494
+ #
2495
+ # * FieldToMatch: Contains `Data` and `Type`
2496
+ # @return [Array<Types::ByteMatchSetUpdate>]
2497
+ class UpdateByteMatchSetRequest < Struct.new(
2498
+ :byte_match_set_id,
2499
+ :change_token,
2500
+ :updates)
2501
+ include Aws::Structure
2502
+ end
2503
+
2504
+ # @!attribute [rw] change_token
2505
+ # The `ChangeToken` that you used to submit the `UpdateByteMatchSet`
2506
+ # request. You can also use this value to query the status of the
2507
+ # request. For more information, see GetChangeTokenStatus.
2508
+ # @return [String]
2509
+ class UpdateByteMatchSetResponse < Struct.new(
2510
+ :change_token)
2511
+ include Aws::Structure
2512
+ end
2513
+
2514
+ # @note When making an API call, pass UpdateIPSetRequest
2515
+ # data as a hash:
2516
+ #
2517
+ # {
2518
+ # ip_set_id: "ResourceId", # required
2519
+ # change_token: "ChangeToken", # required
2520
+ # updates: [ # required
2521
+ # {
2522
+ # action: "INSERT", # required, accepts INSERT, DELETE
2523
+ # ip_set_descriptor: { # required
2524
+ # type: "IPV4", # required, accepts IPV4, IPV6
2525
+ # value: "IPSetDescriptorValue", # required
2526
+ # },
2527
+ # },
2528
+ # ],
2529
+ # }
2530
+ # @!attribute [rw] ip_set_id
2531
+ # The `IPSetId` of the IPSet that you want to update. `IPSetId` is
2532
+ # returned by CreateIPSet and by ListIPSets.
2533
+ # @return [String]
2534
+ #
2535
+ # @!attribute [rw] change_token
2536
+ # The value returned by the most recent call to GetChangeToken.
2537
+ # @return [String]
2538
+ #
2539
+ # @!attribute [rw] updates
2540
+ # An array of `IPSetUpdate` objects that you want to insert into or
2541
+ # delete from an IPSet. For more information, see the applicable data
2542
+ # types:
2543
+ #
2544
+ # * IPSetUpdate: Contains `Action` and `IPSetDescriptor`
2545
+ #
2546
+ # * IPSetDescriptor: Contains `Type` and `Value`
2547
+ # @return [Array<Types::IPSetUpdate>]
2548
+ class UpdateIPSetRequest < Struct.new(
2549
+ :ip_set_id,
2550
+ :change_token,
2551
+ :updates)
2552
+ include Aws::Structure
2553
+ end
2554
+
2555
+ # @!attribute [rw] change_token
2556
+ # The `ChangeToken` that you used to submit the `UpdateIPSet` request.
2557
+ # You can also use this value to query the status of the request. For
2558
+ # more information, see GetChangeTokenStatus.
2559
+ # @return [String]
2560
+ class UpdateIPSetResponse < Struct.new(
2561
+ :change_token)
2562
+ include Aws::Structure
2563
+ end
2564
+
2565
+ # @note When making an API call, pass UpdateRuleRequest
2566
+ # data as a hash:
2567
+ #
2568
+ # {
2569
+ # rule_id: "ResourceId", # required
2570
+ # change_token: "ChangeToken", # required
2571
+ # updates: [ # required
2572
+ # {
2573
+ # action: "INSERT", # required, accepts INSERT, DELETE
2574
+ # predicate: { # required
2575
+ # negated: false, # required
2576
+ # type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
2577
+ # data_id: "ResourceId", # required
2578
+ # },
2579
+ # },
2580
+ # ],
2581
+ # }
2582
+ # @!attribute [rw] rule_id
2583
+ # The `RuleId` of the `Rule` that you want to update. `RuleId` is
2584
+ # returned by `CreateRule` and by ListRules.
2585
+ # @return [String]
2586
+ #
2587
+ # @!attribute [rw] change_token
2588
+ # The value returned by the most recent call to GetChangeToken.
2589
+ # @return [String]
2590
+ #
2591
+ # @!attribute [rw] updates
2592
+ # An array of `RuleUpdate` objects that you want to insert into or
2593
+ # delete from a Rule. For more information, see the applicable data
2594
+ # types:
2595
+ #
2596
+ # * RuleUpdate: Contains `Action` and `Predicate`
2597
+ #
2598
+ # * Predicate: Contains `DataId`, `Negated`, and `Type`
2599
+ #
2600
+ # * FieldToMatch: Contains `Data` and `Type`
2601
+ # @return [Array<Types::RuleUpdate>]
2602
+ class UpdateRuleRequest < Struct.new(
2603
+ :rule_id,
2604
+ :change_token,
2605
+ :updates)
2606
+ include Aws::Structure
2607
+ end
2608
+
2609
+ # @!attribute [rw] change_token
2610
+ # The `ChangeToken` that you used to submit the `UpdateRule` request.
2611
+ # You can also use this value to query the status of the request. For
2612
+ # more information, see GetChangeTokenStatus.
2613
+ # @return [String]
2614
+ class UpdateRuleResponse < Struct.new(
2615
+ :change_token)
2616
+ include Aws::Structure
2617
+ end
2618
+
2619
+ # @note When making an API call, pass UpdateSizeConstraintSetRequest
2620
+ # data as a hash:
2621
+ #
2622
+ # {
2623
+ # size_constraint_set_id: "ResourceId", # required
2624
+ # change_token: "ChangeToken", # required
2625
+ # updates: [ # required
2626
+ # {
2627
+ # action: "INSERT", # required, accepts INSERT, DELETE
2628
+ # size_constraint: { # required
2629
+ # field_to_match: { # required
2630
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2631
+ # data: "MatchFieldData",
2632
+ # },
2633
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2634
+ # comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
2635
+ # size: 1, # required
2636
+ # },
2637
+ # },
2638
+ # ],
2639
+ # }
2640
+ # @!attribute [rw] size_constraint_set_id
2641
+ # The `SizeConstraintSetId` of the SizeConstraintSet that you want to
2642
+ # update. `SizeConstraintSetId` is returned by CreateSizeConstraintSet
2643
+ # and by ListSizeConstraintSets.
2644
+ # @return [String]
2645
+ #
2646
+ # @!attribute [rw] change_token
2647
+ # The value returned by the most recent call to GetChangeToken.
2648
+ # @return [String]
2649
+ #
2650
+ # @!attribute [rw] updates
2651
+ # An array of `SizeConstraintSetUpdate` objects that you want to
2652
+ # insert into or delete from a SizeConstraintSet. For more
2653
+ # information, see the applicable data types:
2654
+ #
2655
+ # * SizeConstraintSetUpdate: Contains `Action` and `SizeConstraint`
2656
+ #
2657
+ # * SizeConstraint: Contains `FieldToMatch`, `TextTransformation`,
2658
+ # `ComparisonOperator`, and `Size`
2659
+ #
2660
+ # * FieldToMatch: Contains `Data` and `Type`
2661
+ # @return [Array<Types::SizeConstraintSetUpdate>]
2662
+ class UpdateSizeConstraintSetRequest < Struct.new(
2663
+ :size_constraint_set_id,
2664
+ :change_token,
2665
+ :updates)
2666
+ include Aws::Structure
2667
+ end
2668
+
2669
+ # @!attribute [rw] change_token
2670
+ # The `ChangeToken` that you used to submit the
2671
+ # `UpdateSizeConstraintSet` request. You can also use this value to
2672
+ # query the status of the request. For more information, see
2673
+ # GetChangeTokenStatus.
2674
+ # @return [String]
2675
+ class UpdateSizeConstraintSetResponse < Struct.new(
2676
+ :change_token)
2677
+ include Aws::Structure
2678
+ end
2679
+
2680
+ # A request to update a SqlInjectionMatchSet.
2681
+ # @note When making an API call, pass UpdateSqlInjectionMatchSetRequest
2682
+ # data as a hash:
2683
+ #
2684
+ # {
2685
+ # sql_injection_match_set_id: "ResourceId", # required
2686
+ # change_token: "ChangeToken", # required
2687
+ # updates: [ # required
2688
+ # {
2689
+ # action: "INSERT", # required, accepts INSERT, DELETE
2690
+ # sql_injection_match_tuple: { # required
2691
+ # field_to_match: { # required
2692
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2693
+ # data: "MatchFieldData",
2694
+ # },
2695
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2696
+ # },
2697
+ # },
2698
+ # ],
2699
+ # }
2700
+ # @!attribute [rw] sql_injection_match_set_id
2701
+ # The `SqlInjectionMatchSetId` of the `SqlInjectionMatchSet` that you
2702
+ # want to update. `SqlInjectionMatchSetId` is returned by
2703
+ # CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.
2704
+ # @return [String]
2705
+ #
2706
+ # @!attribute [rw] change_token
2707
+ # The value returned by the most recent call to GetChangeToken.
2708
+ # @return [String]
2709
+ #
2710
+ # @!attribute [rw] updates
2711
+ # An array of `SqlInjectionMatchSetUpdate` objects that you want to
2712
+ # insert into or delete from a SqlInjectionMatchSet. For more
2713
+ # information, see the applicable data types:
2714
+ #
2715
+ # * SqlInjectionMatchSetUpdate: Contains `Action` and
2716
+ # `SqlInjectionMatchTuple`
2717
+ #
2718
+ # * SqlInjectionMatchTuple: Contains `FieldToMatch` and
2719
+ # `TextTransformation`
2720
+ #
2721
+ # * FieldToMatch: Contains `Data` and `Type`
2722
+ # @return [Array<Types::SqlInjectionMatchSetUpdate>]
2723
+ class UpdateSqlInjectionMatchSetRequest < Struct.new(
2724
+ :sql_injection_match_set_id,
2725
+ :change_token,
2726
+ :updates)
2727
+ include Aws::Structure
2728
+ end
2729
+
2730
+ # The response to an UpdateSqlInjectionMatchSets request.
2731
+ # @!attribute [rw] change_token
2732
+ # The `ChangeToken` that you used to submit the
2733
+ # `UpdateSqlInjectionMatchSet` request. You can also use this value to
2734
+ # query the status of the request. For more information, see
2735
+ # GetChangeTokenStatus.
2736
+ # @return [String]
2737
+ class UpdateSqlInjectionMatchSetResponse < Struct.new(
2738
+ :change_token)
2739
+ include Aws::Structure
2740
+ end
2741
+
2742
+ # @note When making an API call, pass UpdateWebACLRequest
2743
+ # data as a hash:
2744
+ #
2745
+ # {
2746
+ # web_acl_id: "ResourceId", # required
2747
+ # change_token: "ChangeToken", # required
2748
+ # updates: [
2749
+ # {
2750
+ # action: "INSERT", # required, accepts INSERT, DELETE
2751
+ # activated_rule: { # required
2752
+ # priority: 1, # required
2753
+ # rule_id: "ResourceId", # required
2754
+ # action: { # required
2755
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2756
+ # },
2757
+ # },
2758
+ # },
2759
+ # ],
2760
+ # default_action: {
2761
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2762
+ # },
2763
+ # }
2764
+ # @!attribute [rw] web_acl_id
2765
+ # The `WebACLId` of the WebACL that you want to update. `WebACLId` is
2766
+ # returned by CreateWebACL and by ListWebACLs.
2767
+ # @return [String]
2768
+ #
2769
+ # @!attribute [rw] change_token
2770
+ # The value returned by the most recent call to GetChangeToken.
2771
+ # @return [String]
2772
+ #
2773
+ # @!attribute [rw] updates
2774
+ # An array of updates to make to the WebACL.
2775
+ #
2776
+ # An array of `WebACLUpdate` objects that you want to insert into or
2777
+ # delete from a WebACL. For more information, see the applicable data
2778
+ # types:
2779
+ #
2780
+ # * WebACLUpdate: Contains `Action` and `ActivatedRule`
2781
+ #
2782
+ # * ActivatedRule: Contains `Action`, `Priority`, and `RuleId`
2783
+ #
2784
+ # * WafAction: Contains `Type`
2785
+ # @return [Array<Types::WebACLUpdate>]
2786
+ #
2787
+ # @!attribute [rw] default_action
2788
+ # For the action that is associated with a rule in a `WebACL`,
2789
+ # specifies the action that you want AWS WAF to perform when a web
2790
+ # request matches all of the conditions in a rule. For the default
2791
+ # action in a `WebACL`, specifies the action that you want AWS WAF to
2792
+ # take when a web request doesn't match all of the conditions in any
2793
+ # of the rules in a `WebACL`.
2794
+ # @return [Types::WafAction]
2795
+ class UpdateWebACLRequest < Struct.new(
2796
+ :web_acl_id,
2797
+ :change_token,
2798
+ :updates,
2799
+ :default_action)
2800
+ include Aws::Structure
2801
+ end
2802
+
2803
+ # @!attribute [rw] change_token
2804
+ # The `ChangeToken` that you used to submit the `UpdateWebACL`
2805
+ # request. You can also use this value to query the status of the
2806
+ # request. For more information, see GetChangeTokenStatus.
2807
+ # @return [String]
2808
+ class UpdateWebACLResponse < Struct.new(
2809
+ :change_token)
2810
+ include Aws::Structure
2811
+ end
2812
+
2813
+ # A request to update an XssMatchSet.
2814
+ # @note When making an API call, pass UpdateXssMatchSetRequest
2815
+ # data as a hash:
2816
+ #
2817
+ # {
2818
+ # xss_match_set_id: "ResourceId", # required
2819
+ # change_token: "ChangeToken", # required
2820
+ # updates: [ # required
2821
+ # {
2822
+ # action: "INSERT", # required, accepts INSERT, DELETE
2823
+ # xss_match_tuple: { # required
2824
+ # field_to_match: { # required
2825
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
2826
+ # data: "MatchFieldData",
2827
+ # },
2828
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
2829
+ # },
2830
+ # },
2831
+ # ],
2832
+ # }
2833
+ # @!attribute [rw] xss_match_set_id
2834
+ # The `XssMatchSetId` of the `XssMatchSet` that you want to update.
2835
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
2836
+ # ListXssMatchSets.
2837
+ # @return [String]
2838
+ #
2839
+ # @!attribute [rw] change_token
2840
+ # The value returned by the most recent call to GetChangeToken.
2841
+ # @return [String]
2842
+ #
2843
+ # @!attribute [rw] updates
2844
+ # An array of `XssMatchSetUpdate` objects that you want to insert into
2845
+ # or delete from a XssMatchSet. For more information, see the
2846
+ # applicable data types:
2847
+ #
2848
+ # * XssMatchSetUpdate: Contains `Action` and `XssMatchTuple`
2849
+ #
2850
+ # * XssMatchTuple: Contains `FieldToMatch` and `TextTransformation`
2851
+ #
2852
+ # * FieldToMatch: Contains `Data` and `Type`
2853
+ # @return [Array<Types::XssMatchSetUpdate>]
2854
+ class UpdateXssMatchSetRequest < Struct.new(
2855
+ :xss_match_set_id,
2856
+ :change_token,
2857
+ :updates)
2858
+ include Aws::Structure
2859
+ end
2860
+
2861
+ # The response to an UpdateXssMatchSets request.
2862
+ # @!attribute [rw] change_token
2863
+ # The `ChangeToken` that you used to submit the `UpdateXssMatchSet`
2864
+ # request. You can also use this value to query the status of the
2865
+ # request. For more information, see GetChangeTokenStatus.
2866
+ # @return [String]
2867
+ class UpdateXssMatchSetResponse < Struct.new(
2868
+ :change_token)
2869
+ include Aws::Structure
2870
+ end
2871
+
2872
+ # For the action that is associated with a rule in a `WebACL`, specifies
2873
+ # the action that you want AWS WAF to perform when a web request matches
2874
+ # all of the conditions in a rule. For the default action in a `WebACL`,
2875
+ # specifies the action that you want AWS WAF to take when a web request
2876
+ # doesn't match all of the conditions in any of the rules in a
2877
+ # `WebACL`.
2878
+ # @note When making an API call, pass WafAction
2879
+ # data as a hash:
2880
+ #
2881
+ # {
2882
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2883
+ # }
2884
+ # @!attribute [rw] type
2885
+ # Specifies how you want AWS WAF to respond to requests that match the
2886
+ # settings in a `Rule`. Valid settings include the following:
2887
+ #
2888
+ # * `ALLOW`\: AWS WAF allows requests
2889
+ #
2890
+ # * `BLOCK`\: AWS WAF blocks requests
2891
+ #
2892
+ # * `COUNT`\: AWS WAF increments a counter of the requests that match
2893
+ # all of the conditions in the rule. AWS WAF then continues to
2894
+ # inspect the web request based on the remaining rules in the web
2895
+ # ACL. You can't specify `COUNT` for the default action for a
2896
+ # `WebACL`.
2897
+ # @return [String]
2898
+ class WafAction < Struct.new(
2899
+ :type)
2900
+ include Aws::Structure
2901
+ end
2902
+
2903
+ # Contains the `Rules` that identify the requests that you want to
2904
+ # allow, block, or count. In a `WebACL`, you also specify a default
2905
+ # action (`ALLOW` or `BLOCK`), and the action for each `Rule` that you
2906
+ # add to a `WebACL`, for example, block requests from specified IP
2907
+ # addresses or block requests from specified referrers. You also
2908
+ # associate the `WebACL` with a CloudFront distribution to identify the
2909
+ # requests that you want AWS WAF to filter. If you add more than one
2910
+ # `Rule` to a `WebACL`, a request needs to match only one of the
2911
+ # specifications to be allowed, blocked, or counted. For more
2912
+ # information, see UpdateWebACL.
2913
+ # @!attribute [rw] web_acl_id
2914
+ # A unique identifier for a `WebACL`. You use `WebACLId` to get
2915
+ # information about a `WebACL` (see GetWebACL), update a `WebACL` (see
2916
+ # UpdateWebACL), and delete a `WebACL` from AWS WAF (see
2917
+ # DeleteWebACL).
2918
+ #
2919
+ # `WebACLId` is returned by CreateWebACL and by ListWebACLs.
2920
+ # @return [String]
2921
+ #
2922
+ # @!attribute [rw] name
2923
+ # A friendly name or description of the `WebACL`. You can't change
2924
+ # the name of a `WebACL` after you create it.
2925
+ # @return [String]
2926
+ #
2927
+ # @!attribute [rw] metric_name
2928
+ # @return [String]
2929
+ #
2930
+ # @!attribute [rw] default_action
2931
+ # The action to perform if none of the `Rules` contained in the
2932
+ # `WebACL` match. The action is specified by the WafAction object.
2933
+ # @return [Types::WafAction]
2934
+ #
2935
+ # @!attribute [rw] rules
2936
+ # An array that contains the action for each `Rule` in a `WebACL`, the
2937
+ # priority of the `Rule`, and the ID of the `Rule`.
2938
+ # @return [Array<Types::ActivatedRule>]
2939
+ class WebACL < Struct.new(
2940
+ :web_acl_id,
2941
+ :name,
2942
+ :metric_name,
2943
+ :default_action,
2944
+ :rules)
2945
+ include Aws::Structure
2946
+ end
2947
+
2948
+ # Contains the identifier and the name or description of the WebACL.
2949
+ # @!attribute [rw] web_acl_id
2950
+ # A unique identifier for a `WebACL`. You use `WebACLId` to get
2951
+ # information about a `WebACL` (see GetWebACL), update a `WebACL` (see
2952
+ # UpdateWebACL), and delete a `WebACL` from AWS WAF (see
2953
+ # DeleteWebACL).
2954
+ #
2955
+ # `WebACLId` is returned by CreateWebACL and by ListWebACLs.
2956
+ # @return [String]
2957
+ #
2958
+ # @!attribute [rw] name
2959
+ # A friendly name or description of the WebACL. You can't change the
2960
+ # name of a `WebACL` after you create it.
2961
+ # @return [String]
2962
+ class WebACLSummary < Struct.new(
2963
+ :web_acl_id,
2964
+ :name)
2965
+ include Aws::Structure
2966
+ end
2967
+
2968
+ # Specifies whether to insert a `Rule` into or delete a `Rule` from a
2969
+ # `WebACL`.
2970
+ # @note When making an API call, pass WebACLUpdate
2971
+ # data as a hash:
2972
+ #
2973
+ # {
2974
+ # action: "INSERT", # required, accepts INSERT, DELETE
2975
+ # activated_rule: { # required
2976
+ # priority: 1, # required
2977
+ # rule_id: "ResourceId", # required
2978
+ # action: { # required
2979
+ # type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
2980
+ # },
2981
+ # },
2982
+ # }
2983
+ # @!attribute [rw] action
2984
+ # Specifies whether to insert a `Rule` into or delete a `Rule` from a
2985
+ # `WebACL`.
2986
+ # @return [String]
2987
+ #
2988
+ # @!attribute [rw] activated_rule
2989
+ # The `ActivatedRule` object in an UpdateWebACL request specifies a
2990
+ # `Rule` that you want to insert or delete, the priority of the `Rule`
2991
+ # in the `WebACL`, and the action that you want AWS WAF to take when a
2992
+ # web request matches the `Rule` (`ALLOW`, `BLOCK`, or `COUNT`).
2993
+ #
2994
+ # To specify whether to insert or delete a `Rule`, use the `Action`
2995
+ # parameter in the WebACLUpdate data type.
2996
+ # @return [Types::ActivatedRule]
2997
+ class WebACLUpdate < Struct.new(
2998
+ :action,
2999
+ :activated_rule)
3000
+ include Aws::Structure
3001
+ end
3002
+
3003
+ # A complex type that contains `XssMatchTuple` objects, which specify
3004
+ # the parts of web requests that you want AWS WAF to inspect for
3005
+ # cross-site scripting attacks and, if you want AWS WAF to inspect a
3006
+ # header, the name of the header. If a `XssMatchSet` contains more than
3007
+ # one `XssMatchTuple` object, a request needs to include cross-site
3008
+ # scripting attacks in only one of the specified parts of the request to
3009
+ # be considered a match.
3010
+ # @!attribute [rw] xss_match_set_id
3011
+ # A unique identifier for an `XssMatchSet`. You use `XssMatchSetId` to
3012
+ # get information about an `XssMatchSet` (see GetXssMatchSet), update
3013
+ # an `XssMatchSet` (see UpdateXssMatchSet), insert an `XssMatchSet`
3014
+ # into a `Rule` or delete one from a `Rule` (see UpdateRule), and
3015
+ # delete an `XssMatchSet` from AWS WAF (see DeleteXssMatchSet).
3016
+ #
3017
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
3018
+ # ListXssMatchSets.
3019
+ # @return [String]
3020
+ #
3021
+ # @!attribute [rw] name
3022
+ # The name, if any, of the `XssMatchSet`.
3023
+ # @return [String]
3024
+ #
3025
+ # @!attribute [rw] xss_match_tuples
3026
+ # Specifies the parts of web requests that you want to inspect for
3027
+ # cross-site scripting attacks.
3028
+ # @return [Array<Types::XssMatchTuple>]
3029
+ class XssMatchSet < Struct.new(
3030
+ :xss_match_set_id,
3031
+ :name,
3032
+ :xss_match_tuples)
3033
+ include Aws::Structure
3034
+ end
3035
+
3036
+ # The `Id` and `Name` of an `XssMatchSet`.
3037
+ # @!attribute [rw] xss_match_set_id
3038
+ # A unique identifier for an `XssMatchSet`. You use `XssMatchSetId` to
3039
+ # get information about a `XssMatchSet` (see GetXssMatchSet), update
3040
+ # an `XssMatchSet` (see UpdateXssMatchSet), insert an `XssMatchSet`
3041
+ # into a `Rule` or delete one from a `Rule` (see UpdateRule), and
3042
+ # delete an `XssMatchSet` from AWS WAF (see DeleteXssMatchSet).
3043
+ #
3044
+ # `XssMatchSetId` is returned by CreateXssMatchSet and by
3045
+ # ListXssMatchSets.
3046
+ # @return [String]
3047
+ #
3048
+ # @!attribute [rw] name
3049
+ # The name of the `XssMatchSet`, if any, specified by `Id`.
3050
+ # @return [String]
3051
+ class XssMatchSetSummary < Struct.new(
3052
+ :xss_match_set_id,
3053
+ :name)
3054
+ include Aws::Structure
3055
+ end
3056
+
3057
+ # Specifies the part of a web request that you want to inspect for
3058
+ # cross-site scripting attacks and indicates whether you want to add the
3059
+ # specification to an XssMatchSet or delete it from an `XssMatchSet`.
3060
+ # @note When making an API call, pass XssMatchSetUpdate
3061
+ # data as a hash:
3062
+ #
3063
+ # {
3064
+ # action: "INSERT", # required, accepts INSERT, DELETE
3065
+ # xss_match_tuple: { # required
3066
+ # field_to_match: { # required
3067
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
3068
+ # data: "MatchFieldData",
3069
+ # },
3070
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
3071
+ # },
3072
+ # }
3073
+ # @!attribute [rw] action
3074
+ # Specify `INSERT` to add a XssMatchSetUpdate to an XssMatchSet. Use
3075
+ # `DELETE` to remove a `XssMatchSetUpdate` from an `XssMatchSet`.
3076
+ # @return [String]
3077
+ #
3078
+ # @!attribute [rw] xss_match_tuple
3079
+ # Specifies the part of a web request that you want AWS WAF to inspect
3080
+ # for cross-site scripting attacks and, if you want AWS WAF to inspect
3081
+ # a header, the name of the header.
3082
+ # @return [Types::XssMatchTuple]
3083
+ class XssMatchSetUpdate < Struct.new(
3084
+ :action,
3085
+ :xss_match_tuple)
3086
+ include Aws::Structure
3087
+ end
3088
+
3089
+ # Specifies the part of a web request that you want AWS WAF to inspect
3090
+ # for cross-site scripting attacks and, if you want AWS WAF to inspect a
3091
+ # header, the name of the header.
3092
+ # @note When making an API call, pass XssMatchTuple
3093
+ # data as a hash:
3094
+ #
3095
+ # {
3096
+ # field_to_match: { # required
3097
+ # type: "URI", # required, accepts URI, QUERY_STRING, HEADER, METHOD, BODY
3098
+ # data: "MatchFieldData",
3099
+ # },
3100
+ # text_transformation: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
3101
+ # }
3102
+ # @!attribute [rw] field_to_match
3103
+ # Specifies where in a web request to look for `TargetString`.
3104
+ # @return [Types::FieldToMatch]
3105
+ #
3106
+ # @!attribute [rw] text_transformation
3107
+ # Text transformations eliminate some of the unusual formatting that
3108
+ # attackers use in web requests in an effort to bypass AWS WAF. If you
3109
+ # specify a transformation, AWS WAF performs the transformation on
3110
+ # `FieldToMatch` before inspecting a request for a match.
3111
+ #
3112
+ # **CMD\_LINE**
3113
+ #
3114
+ # When you're concerned that attackers are injecting an operating
3115
+ # system commandline command and using unusual formatting to disguise
3116
+ # some or all of the command, use this option to perform the following
3117
+ # transformations:
3118
+ #
3119
+ # * Delete the following characters: \\ " ' ^
3120
+ #
3121
+ # * Delete spaces before the following characters: / (
3122
+ #
3123
+ # * Replace the following characters with a space: , ;
3124
+ #
3125
+ # * Replace multiple spaces with one space
3126
+ #
3127
+ # * Convert uppercase letters (A-Z) to lowercase (a-z)
3128
+ #
3129
+ # **COMPRESS\_WHITE\_SPACE**
3130
+ #
3131
+ # Use this option to replace the following characters with a space
3132
+ # character (decimal 32):
3133
+ #
3134
+ # * \\f, formfeed, decimal 12
3135
+ #
3136
+ # * \\t, tab, decimal 9
3137
+ #
3138
+ # * \\n, newline, decimal 10
3139
+ #
3140
+ # * \\r, carriage return, decimal 13
3141
+ #
3142
+ # * \\v, vertical tab, decimal 11
3143
+ #
3144
+ # * non-breaking space, decimal 160
3145
+ #
3146
+ # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
3147
+ #
3148
+ # **HTML\_ENTITY\_DECODE**
3149
+ #
3150
+ # Use this option to replace HTML-encoded characters with unencoded
3151
+ # characters. `HTML_ENTITY_DECODE` performs the following operations:
3152
+ #
3153
+ # * Replaces `(ampersand)quot;` with `"`
3154
+ #
3155
+ # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
3156
+ #
3157
+ # * Replaces `(ampersand)lt;` with a "less than" symbol
3158
+ #
3159
+ # * Replaces `(ampersand)gt;` with `>`
3160
+ #
3161
+ # * Replaces characters that are represented in hexadecimal format,
3162
+ # `(ampersand)#xhhhh;`, with the corresponding characters
3163
+ #
3164
+ # * Replaces characters that are represented in decimal format,
3165
+ # `(ampersand)#nnnn;`, with the corresponding characters
3166
+ #
3167
+ # **LOWERCASE**
3168
+ #
3169
+ # Use this option to convert uppercase letters (A-Z) to lowercase
3170
+ # (a-z).
3171
+ #
3172
+ # **URL\_DECODE**
3173
+ #
3174
+ # Use this option to decode a URL-encoded value.
3175
+ #
3176
+ # **NONE**
3177
+ #
3178
+ # Specify `NONE` if you don't want to perform any text
3179
+ # transformations.
3180
+ # @return [String]
3181
+ class XssMatchTuple < Struct.new(
3182
+ :field_to_match,
3183
+ :text_transformation)
3184
+ include Aws::Structure
3185
+ end
3186
+
3187
+ end
3188
+ end
3189
+ end