aws-sdk-wafv2 1.20.0 → 1.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2.rb +1 -1
- data/lib/aws-sdk-wafv2/client.rb +482 -446
- data/lib/aws-sdk-wafv2/client_api.rb +4 -3
- data/lib/aws-sdk-wafv2/types.rb +945 -891
- metadata +3 -4
@@ -542,9 +542,10 @@ module Aws::WAFV2
|
|
542
542
|
GetRegexPatternSetResponse.add_member(:lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "LockToken"))
|
543
543
|
GetRegexPatternSetResponse.struct_class = Types::GetRegexPatternSetResponse
|
544
544
|
|
545
|
-
GetRuleGroupRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName,
|
546
|
-
GetRuleGroupRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope,
|
547
|
-
GetRuleGroupRequest.add_member(:id, Shapes::ShapeRef.new(shape: EntityId,
|
545
|
+
GetRuleGroupRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, location_name: "Name"))
|
546
|
+
GetRuleGroupRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, location_name: "Scope"))
|
547
|
+
GetRuleGroupRequest.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, location_name: "Id"))
|
548
|
+
GetRuleGroupRequest.add_member(:arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ARN"))
|
548
549
|
GetRuleGroupRequest.struct_class = Types::GetRuleGroupRequest
|
549
550
|
|
550
551
|
GetRuleGroupResponse.add_member(:rule_group, Shapes::ShapeRef.new(shape: RuleGroup, location_name: "RuleGroup"))
|
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -32,11 +32,11 @@ module Aws::WAFV2
|
|
32
32
|
include Aws::Structure
|
33
33
|
end
|
34
34
|
|
35
|
-
# Inspect all of the elements that
|
36
|
-
#
|
37
|
-
#
|
35
|
+
# Inspect all of the elements that WAF has parsed and extracted from the
|
36
|
+
# web request JSON body that are within the JsonBody `MatchScope`. This
|
37
|
+
# is used with the FieldToMatch option `JsonBody`.
|
38
38
|
#
|
39
|
-
# This is used only to indicate the web request component for
|
39
|
+
# This is used only to indicate the web request component for WAF to
|
40
40
|
# inspect, in the FieldToMatch specification.
|
41
41
|
#
|
42
42
|
# @api private
|
@@ -47,7 +47,7 @@ module Aws::WAFV2
|
|
47
47
|
|
48
48
|
# All query arguments of a web request.
|
49
49
|
#
|
50
|
-
# This is used only to indicate the web request component for
|
50
|
+
# This is used only to indicate the web request component for WAF to
|
51
51
|
# inspect, in the FieldToMatch specification.
|
52
52
|
#
|
53
53
|
# @api private
|
@@ -56,7 +56,7 @@ module Aws::WAFV2
|
|
56
56
|
#
|
57
57
|
class AllQueryArguments < Aws::EmptyStructure; end
|
58
58
|
|
59
|
-
# Specifies that
|
59
|
+
# Specifies that WAF should allow the request and optionally defines
|
60
60
|
# additional custom handling for the request.
|
61
61
|
#
|
62
62
|
# This is used in the context of other settings, for example to specify
|
@@ -80,8 +80,8 @@ module Aws::WAFV2
|
|
80
80
|
# Defines custom handling for the web request.
|
81
81
|
#
|
82
82
|
# For information about customizing web requests and responses, see
|
83
|
-
# [Customizing web requests and responses in
|
84
|
-
#
|
83
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
84
|
+
# Developer Guide][2].
|
85
85
|
#
|
86
86
|
#
|
87
87
|
#
|
@@ -139,7 +139,7 @@ module Aws::WAFV2
|
|
139
139
|
# text_transformations: [ # required
|
140
140
|
# {
|
141
141
|
# priority: 1, # required
|
142
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
142
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
143
143
|
# },
|
144
144
|
# ],
|
145
145
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -175,7 +175,7 @@ module Aws::WAFV2
|
|
175
175
|
# text_transformations: [ # required
|
176
176
|
# {
|
177
177
|
# priority: 1, # required
|
178
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
178
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
179
179
|
# },
|
180
180
|
# ],
|
181
181
|
# },
|
@@ -210,7 +210,7 @@ module Aws::WAFV2
|
|
210
210
|
# text_transformations: [ # required
|
211
211
|
# {
|
212
212
|
# priority: 1, # required
|
213
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
213
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
214
214
|
# },
|
215
215
|
# ],
|
216
216
|
# },
|
@@ -247,7 +247,7 @@ module Aws::WAFV2
|
|
247
247
|
# text_transformations: [ # required
|
248
248
|
# {
|
249
249
|
# priority: 1, # required
|
250
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
250
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
251
251
|
# },
|
252
252
|
# ],
|
253
253
|
# },
|
@@ -306,7 +306,7 @@ module Aws::WAFV2
|
|
306
306
|
# text_transformations: [ # required
|
307
307
|
# {
|
308
308
|
# priority: 1, # required
|
309
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
309
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
310
310
|
# },
|
311
311
|
# ],
|
312
312
|
# },
|
@@ -378,7 +378,7 @@ module Aws::WAFV2
|
|
378
378
|
# }
|
379
379
|
#
|
380
380
|
# @!attribute [rw] web_acl_arn
|
381
|
-
# The Amazon Resource Name (ARN) of the
|
381
|
+
# The Amazon Resource Name (ARN) of the web ACL that you want to
|
382
382
|
# associate with the resource.
|
383
383
|
# @return [String]
|
384
384
|
#
|
@@ -392,7 +392,7 @@ module Aws::WAFV2
|
|
392
392
|
# `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
393
393
|
# `
|
394
394
|
#
|
395
|
-
# * For an API Gateway REST API:
|
395
|
+
# * For an Amazon API Gateway REST API:
|
396
396
|
# `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
|
397
397
|
#
|
398
398
|
# * For an AppSync GraphQL API:
|
@@ -412,7 +412,7 @@ module Aws::WAFV2
|
|
412
412
|
#
|
413
413
|
class AssociateWebACLResponse < Aws::EmptyStructure; end
|
414
414
|
|
415
|
-
# Specifies that
|
415
|
+
# Specifies that WAF should block the request and optionally defines
|
416
416
|
# additional custom handling for the response to the web request.
|
417
417
|
#
|
418
418
|
# This is used in the context of other settings, for example to specify
|
@@ -438,8 +438,8 @@ module Aws::WAFV2
|
|
438
438
|
# Defines a custom response for the web request.
|
439
439
|
#
|
440
440
|
# For information about customizing web requests and responses, see
|
441
|
-
# [Customizing web requests and responses in
|
442
|
-
#
|
441
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
442
|
+
# Developer Guide][2].
|
443
443
|
#
|
444
444
|
#
|
445
445
|
#
|
@@ -458,7 +458,7 @@ module Aws::WAFV2
|
|
458
458
|
# The body of a web request. This immediately follows the request
|
459
459
|
# headers.
|
460
460
|
#
|
461
|
-
# This is used only to indicate the web request component for
|
461
|
+
# This is used only to indicate the web request component for WAF to
|
462
462
|
# inspect, in the FieldToMatch specification.
|
463
463
|
#
|
464
464
|
# @api private
|
@@ -467,11 +467,11 @@ module Aws::WAFV2
|
|
467
467
|
#
|
468
468
|
class Body < Aws::EmptyStructure; end
|
469
469
|
|
470
|
-
# A rule statement that defines a string match search for
|
471
|
-
#
|
472
|
-
#
|
473
|
-
#
|
474
|
-
#
|
470
|
+
# A rule statement that defines a string match search for WAF to apply
|
471
|
+
# to web requests. The byte match statement provides the bytes to search
|
472
|
+
# for, the location in requests that you want WAF to search, and other
|
473
|
+
# settings. The bytes to search for are typically a string that
|
474
|
+
# corresponds with ASCII characters. In the WAF console and the
|
475
475
|
# developer guide, this is refered to as a string match statement.
|
476
476
|
#
|
477
477
|
# @note When making an API call, you may pass ByteMatchStatement
|
@@ -509,30 +509,30 @@ module Aws::WAFV2
|
|
509
509
|
# text_transformations: [ # required
|
510
510
|
# {
|
511
511
|
# priority: 1, # required
|
512
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
512
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
513
513
|
# },
|
514
514
|
# ],
|
515
515
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
516
516
|
# }
|
517
517
|
#
|
518
518
|
# @!attribute [rw] search_string
|
519
|
-
# A string value that you want
|
520
|
-
#
|
521
|
-
#
|
519
|
+
# A string value that you want WAF to search for. WAF searches only in
|
520
|
+
# the part of web requests that you designate for inspection in
|
521
|
+
# FieldToMatch. The maximum length of the value is 50 bytes.
|
522
522
|
#
|
523
523
|
# Valid values depend on the component that you specify for inspection
|
524
524
|
# in `FieldToMatch`\:
|
525
525
|
#
|
526
|
-
# * `Method`\: The HTTP method that you want
|
527
|
-
#
|
526
|
+
# * `Method`\: The HTTP method that you want WAF to search for. This
|
527
|
+
# indicates the type of operation specified in the request.
|
528
528
|
#
|
529
|
-
# * `UriPath`\: The value that you want
|
530
|
-
#
|
529
|
+
# * `UriPath`\: The value that you want WAF to search for in the URI
|
530
|
+
# path, for example, `/images/daily-ad.jpg`.
|
531
531
|
#
|
532
532
|
# If `SearchString` includes alphabetic characters A-Z and a-z, note
|
533
533
|
# that the value is case sensitive.
|
534
534
|
#
|
535
|
-
# **If you're using the
|
535
|
+
# **If you're using the WAF API**
|
536
536
|
#
|
537
537
|
# Specify a base64-encoded version of the value. The maximum length of
|
538
538
|
# the value before you base64-encode it is 50 bytes.
|
@@ -543,29 +543,29 @@ module Aws::WAFV2
|
|
543
543
|
# base64-encoding and include the resulting value, `QmFkQm90`, in the
|
544
544
|
# value of `SearchString`.
|
545
545
|
#
|
546
|
-
# **If you're using the
|
546
|
+
# **If you're using the CLI or one of the Amazon Web Services SDKs**
|
547
547
|
#
|
548
|
-
# The value that you want
|
548
|
+
# The value that you want WAF to search for. The SDK automatically
|
549
549
|
# base64 encodes the value.
|
550
550
|
# @return [String]
|
551
551
|
#
|
552
552
|
# @!attribute [rw] field_to_match
|
553
|
-
# The part of a web request that you want
|
553
|
+
# The part of a web request that you want WAF to inspect. For more
|
554
554
|
# information, see FieldToMatch.
|
555
555
|
# @return [Types::FieldToMatch]
|
556
556
|
#
|
557
557
|
# @!attribute [rw] text_transformations
|
558
558
|
# Text transformations eliminate some of the unusual formatting that
|
559
559
|
# attackers use in web requests in an effort to bypass detection. If
|
560
|
-
# you specify one or more transformations in a rule statement,
|
560
|
+
# you specify one or more transformations in a rule statement, WAF
|
561
561
|
# performs all transformations on the content of the request component
|
562
562
|
# identified by `FieldToMatch`, starting from the lowest priority
|
563
563
|
# setting, before inspecting the content for a match.
|
564
564
|
# @return [Array<Types::TextTransformation>]
|
565
565
|
#
|
566
566
|
# @!attribute [rw] positional_constraint
|
567
|
-
# The area within the portion of a web request that you want
|
568
|
-
#
|
567
|
+
# The area within the portion of a web request that you want WAF to
|
568
|
+
# search for `SearchString`. Valid values include the following:
|
569
569
|
#
|
570
570
|
# **CONTAINS**
|
571
571
|
#
|
@@ -659,7 +659,7 @@ module Aws::WAFV2
|
|
659
659
|
# text_transformations: [ # required
|
660
660
|
# {
|
661
661
|
# priority: 1, # required
|
662
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
662
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
663
663
|
# },
|
664
664
|
# ],
|
665
665
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -695,7 +695,7 @@ module Aws::WAFV2
|
|
695
695
|
# text_transformations: [ # required
|
696
696
|
# {
|
697
697
|
# priority: 1, # required
|
698
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
698
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
699
699
|
# },
|
700
700
|
# ],
|
701
701
|
# },
|
@@ -730,7 +730,7 @@ module Aws::WAFV2
|
|
730
730
|
# text_transformations: [ # required
|
731
731
|
# {
|
732
732
|
# priority: 1, # required
|
733
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
733
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
734
734
|
# },
|
735
735
|
# ],
|
736
736
|
# },
|
@@ -767,7 +767,7 @@ module Aws::WAFV2
|
|
767
767
|
# text_transformations: [ # required
|
768
768
|
# {
|
769
769
|
# priority: 1, # required
|
770
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
770
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
771
771
|
# },
|
772
772
|
# ],
|
773
773
|
# },
|
@@ -826,7 +826,7 @@ module Aws::WAFV2
|
|
826
826
|
# text_transformations: [ # required
|
827
827
|
# {
|
828
828
|
# priority: 1, # required
|
829
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
829
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
830
830
|
# },
|
831
831
|
# ],
|
832
832
|
# },
|
@@ -940,10 +940,10 @@ module Aws::WAFV2
|
|
940
940
|
# }
|
941
941
|
#
|
942
942
|
# @!attribute [rw] scope
|
943
|
-
# Specifies whether this is for an
|
944
|
-
# a regional application. A regional application can be an
|
945
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
946
|
-
# API.
|
943
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
944
|
+
# for a regional application. A regional application can be an
|
945
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
946
|
+
# an AppSync GraphQL API.
|
947
947
|
#
|
948
948
|
# To work with CloudFront, you must also specify the Region US East
|
949
949
|
# (N. Virginia) as follows:
|
@@ -1011,7 +1011,7 @@ module Aws::WAFV2
|
|
1011
1011
|
include Aws::Structure
|
1012
1012
|
end
|
1013
1013
|
|
1014
|
-
# Specifies that
|
1014
|
+
# Specifies that WAF should count the request. Optionally defines
|
1015
1015
|
# additional custom handling for the request.
|
1016
1016
|
#
|
1017
1017
|
# This is used in the context of other settings, for example to specify
|
@@ -1035,8 +1035,8 @@ module Aws::WAFV2
|
|
1035
1035
|
# Defines custom handling for the web request.
|
1036
1036
|
#
|
1037
1037
|
# For information about customizing web requests and responses, see
|
1038
|
-
# [Customizing web requests and responses in
|
1039
|
-
#
|
1038
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
1039
|
+
# Developer Guide][2].
|
1040
1040
|
#
|
1041
1041
|
#
|
1042
1042
|
#
|
@@ -1075,10 +1075,10 @@ module Aws::WAFV2
|
|
1075
1075
|
# @return [String]
|
1076
1076
|
#
|
1077
1077
|
# @!attribute [rw] scope
|
1078
|
-
# Specifies whether this is for an
|
1079
|
-
# a regional application. A regional application can be an
|
1080
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
1081
|
-
# API.
|
1078
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
1079
|
+
# for a regional application. A regional application can be an
|
1080
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
1081
|
+
# an AppSync GraphQL API.
|
1082
1082
|
#
|
1083
1083
|
# To work with CloudFront, you must also specify the Region US East
|
1084
1084
|
# (N. Virginia) as follows:
|
@@ -1100,25 +1100,24 @@ module Aws::WAFV2
|
|
1100
1100
|
# @!attribute [rw] addresses
|
1101
1101
|
# Contains an array of strings that specify one or more IP addresses
|
1102
1102
|
# or blocks of IP addresses in Classless Inter-Domain Routing (CIDR)
|
1103
|
-
# notation.
|
1104
|
-
# /0.
|
1103
|
+
# notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
|
1105
1104
|
#
|
1106
1105
|
# Examples:
|
1107
1106
|
#
|
1108
|
-
# * To configure
|
1107
|
+
# * To configure WAF to allow, block, or count requests that
|
1109
1108
|
# originated from the IP address 192.0.2.44, specify
|
1110
1109
|
# `192.0.2.44/32`.
|
1111
1110
|
#
|
1112
|
-
# * To configure
|
1111
|
+
# * To configure WAF to allow, block, or count requests that
|
1113
1112
|
# originated from IP addresses from 192.0.2.0 to 192.0.2.255,
|
1114
1113
|
# specify `192.0.2.0/24`.
|
1115
1114
|
#
|
1116
|
-
# * To configure
|
1115
|
+
# * To configure WAF to allow, block, or count requests that
|
1117
1116
|
# originated from the IP address
|
1118
1117
|
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
1119
1118
|
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
1120
1119
|
#
|
1121
|
-
# * To configure
|
1120
|
+
# * To configure WAF to allow, block, or count requests that
|
1122
1121
|
# originated from IP addresses
|
1123
1122
|
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
1124
1123
|
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
@@ -1190,10 +1189,10 @@ module Aws::WAFV2
|
|
1190
1189
|
# @return [String]
|
1191
1190
|
#
|
1192
1191
|
# @!attribute [rw] scope
|
1193
|
-
# Specifies whether this is for an
|
1194
|
-
# a regional application. A regional application can be an
|
1195
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
1196
|
-
# API.
|
1192
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
1193
|
+
# for a regional application. A regional application can be an
|
1194
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
1195
|
+
# an AppSync GraphQL API.
|
1197
1196
|
#
|
1198
1197
|
# To work with CloudFront, you must also specify the Region US East
|
1199
1198
|
# (N. Virginia) as follows:
|
@@ -1289,7 +1288,7 @@ module Aws::WAFV2
|
|
1289
1288
|
# text_transformations: [ # required
|
1290
1289
|
# {
|
1291
1290
|
# priority: 1, # required
|
1292
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1291
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1293
1292
|
# },
|
1294
1293
|
# ],
|
1295
1294
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -1325,7 +1324,7 @@ module Aws::WAFV2
|
|
1325
1324
|
# text_transformations: [ # required
|
1326
1325
|
# {
|
1327
1326
|
# priority: 1, # required
|
1328
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1327
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1329
1328
|
# },
|
1330
1329
|
# ],
|
1331
1330
|
# },
|
@@ -1360,7 +1359,7 @@ module Aws::WAFV2
|
|
1360
1359
|
# text_transformations: [ # required
|
1361
1360
|
# {
|
1362
1361
|
# priority: 1, # required
|
1363
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1362
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1364
1363
|
# },
|
1365
1364
|
# ],
|
1366
1365
|
# },
|
@@ -1397,7 +1396,7 @@ module Aws::WAFV2
|
|
1397
1396
|
# text_transformations: [ # required
|
1398
1397
|
# {
|
1399
1398
|
# priority: 1, # required
|
1400
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1399
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1401
1400
|
# },
|
1402
1401
|
# ],
|
1403
1402
|
# },
|
@@ -1456,7 +1455,7 @@ module Aws::WAFV2
|
|
1456
1455
|
# text_transformations: [ # required
|
1457
1456
|
# {
|
1458
1457
|
# priority: 1, # required
|
1459
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1458
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1460
1459
|
# },
|
1461
1460
|
# ],
|
1462
1461
|
# },
|
@@ -1592,10 +1591,10 @@ module Aws::WAFV2
|
|
1592
1591
|
# @return [String]
|
1593
1592
|
#
|
1594
1593
|
# @!attribute [rw] scope
|
1595
|
-
# Specifies whether this is for an
|
1596
|
-
# a regional application. A regional application can be an
|
1597
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
1598
|
-
# API.
|
1594
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
1595
|
+
# for a regional application. A regional application can be an
|
1596
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
1597
|
+
# an AppSync GraphQL API.
|
1599
1598
|
#
|
1600
1599
|
# To work with CloudFront, you must also specify the Region US East
|
1601
1600
|
# (N. Virginia) as follows:
|
@@ -1611,11 +1610,11 @@ module Aws::WAFV2
|
|
1611
1610
|
#
|
1612
1611
|
# When you create your own rule group, you define this, and you cannot
|
1613
1612
|
# change it after creation. When you add or modify the rules in a rule
|
1614
|
-
# group,
|
1615
|
-
#
|
1613
|
+
# group, WAF enforces this limit. You can check the capacity for a set
|
1614
|
+
# of rules using CheckCapacity.
|
1616
1615
|
#
|
1617
|
-
#
|
1618
|
-
#
|
1616
|
+
# WAF uses WCUs to calculate and control the operating resources that
|
1617
|
+
# are used to run your rules, rule groups, and web ACLs. WAF
|
1619
1618
|
# calculates capacity differently for each rule type, to reflect the
|
1620
1619
|
# relative cost of each rule. Simple rules that cost little to run use
|
1621
1620
|
# fewer WCUs than more complex rules that use more processing power.
|
@@ -1631,8 +1630,8 @@ module Aws::WAFV2
|
|
1631
1630
|
# @!attribute [rw] rules
|
1632
1631
|
# The Rule statements used to identify the web requests that you want
|
1633
1632
|
# to allow, block, or count. Each rule includes one top-level
|
1634
|
-
# statement that
|
1635
|
-
# parameters that govern how
|
1633
|
+
# statement that WAF uses to identify matching web requests, and
|
1634
|
+
# parameters that govern how WAF handles them.
|
1636
1635
|
# @return [Array<Types::Rule>]
|
1637
1636
|
#
|
1638
1637
|
# @!attribute [rw] visibility_config
|
@@ -1651,12 +1650,12 @@ module Aws::WAFV2
|
|
1651
1650
|
# the rules that you define in the rule group.
|
1652
1651
|
#
|
1653
1652
|
# For information about customizing web requests and responses, see
|
1654
|
-
# [Customizing web requests and responses in
|
1655
|
-
#
|
1653
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
1654
|
+
# Developer Guide][2].
|
1656
1655
|
#
|
1657
1656
|
# For information about the limits on count and size for custom
|
1658
|
-
# request and response settings, see [
|
1659
|
-
#
|
1657
|
+
# request and response settings, see [WAF quotas][3] in the [WAF
|
1658
|
+
# Developer Guide][2].
|
1660
1659
|
#
|
1661
1660
|
#
|
1662
1661
|
#
|
@@ -1764,7 +1763,7 @@ module Aws::WAFV2
|
|
1764
1763
|
# text_transformations: [ # required
|
1765
1764
|
# {
|
1766
1765
|
# priority: 1, # required
|
1767
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1766
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1768
1767
|
# },
|
1769
1768
|
# ],
|
1770
1769
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -1800,7 +1799,7 @@ module Aws::WAFV2
|
|
1800
1799
|
# text_transformations: [ # required
|
1801
1800
|
# {
|
1802
1801
|
# priority: 1, # required
|
1803
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1802
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1804
1803
|
# },
|
1805
1804
|
# ],
|
1806
1805
|
# },
|
@@ -1835,7 +1834,7 @@ module Aws::WAFV2
|
|
1835
1834
|
# text_transformations: [ # required
|
1836
1835
|
# {
|
1837
1836
|
# priority: 1, # required
|
1838
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1837
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1839
1838
|
# },
|
1840
1839
|
# ],
|
1841
1840
|
# },
|
@@ -1872,7 +1871,7 @@ module Aws::WAFV2
|
|
1872
1871
|
# text_transformations: [ # required
|
1873
1872
|
# {
|
1874
1873
|
# priority: 1, # required
|
1875
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1874
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1876
1875
|
# },
|
1877
1876
|
# ],
|
1878
1877
|
# },
|
@@ -1931,7 +1930,7 @@ module Aws::WAFV2
|
|
1931
1930
|
# text_transformations: [ # required
|
1932
1931
|
# {
|
1933
1932
|
# priority: 1, # required
|
1934
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
1933
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
1935
1934
|
# },
|
1936
1935
|
# ],
|
1937
1936
|
# },
|
@@ -2062,15 +2061,15 @@ module Aws::WAFV2
|
|
2062
2061
|
# }
|
2063
2062
|
#
|
2064
2063
|
# @!attribute [rw] name
|
2065
|
-
# The name of the
|
2064
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
2066
2065
|
# after you create it.
|
2067
2066
|
# @return [String]
|
2068
2067
|
#
|
2069
2068
|
# @!attribute [rw] scope
|
2070
|
-
# Specifies whether this is for an
|
2071
|
-
# a regional application. A regional application can be an
|
2072
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
2073
|
-
# API.
|
2069
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
2070
|
+
# for a regional application. A regional application can be an
|
2071
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
2072
|
+
# an AppSync GraphQL API.
|
2074
2073
|
#
|
2075
2074
|
# To work with CloudFront, you must also specify the Region US East
|
2076
2075
|
# (N. Virginia) as follows:
|
@@ -2087,14 +2086,14 @@ module Aws::WAFV2
|
|
2087
2086
|
# @return [Types::DefaultAction]
|
2088
2087
|
#
|
2089
2088
|
# @!attribute [rw] description
|
2090
|
-
# A description of the
|
2089
|
+
# A description of the web ACL that helps with identification.
|
2091
2090
|
# @return [String]
|
2092
2091
|
#
|
2093
2092
|
# @!attribute [rw] rules
|
2094
2093
|
# The Rule statements used to identify the web requests that you want
|
2095
2094
|
# to allow, block, or count. Each rule includes one top-level
|
2096
|
-
# statement that
|
2097
|
-
# parameters that govern how
|
2095
|
+
# statement that WAF uses to identify matching web requests, and
|
2096
|
+
# parameters that govern how WAF handles them.
|
2098
2097
|
# @return [Array<Types::Rule>]
|
2099
2098
|
#
|
2100
2099
|
# @!attribute [rw] visibility_config
|
@@ -2113,12 +2112,12 @@ module Aws::WAFV2
|
|
2113
2112
|
# rules and default actions that you define in the web ACL.
|
2114
2113
|
#
|
2115
2114
|
# For information about customizing web requests and responses, see
|
2116
|
-
# [Customizing web requests and responses in
|
2117
|
-
#
|
2115
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
2116
|
+
# Developer Guide][2].
|
2118
2117
|
#
|
2119
2118
|
# For information about the limits on count and size for custom
|
2120
|
-
# request and response settings, see [
|
2121
|
-
#
|
2119
|
+
# request and response settings, see [WAF quotas][3] in the [WAF
|
2120
|
+
# Developer Guide][2].
|
2122
2121
|
#
|
2123
2122
|
#
|
2124
2123
|
#
|
@@ -2171,10 +2170,10 @@ module Aws::WAFV2
|
|
2171
2170
|
# @!attribute [rw] name
|
2172
2171
|
# The name of the custom header.
|
2173
2172
|
#
|
2174
|
-
# For custom request header insertion, when
|
2173
|
+
# For custom request header insertion, when WAF inserts the header
|
2175
2174
|
# into the request, it prefixes this name `x-amzn-waf-`, to avoid
|
2176
2175
|
# confusion with the headers that are already in the request. For
|
2177
|
-
# example, for the header name `sample`,
|
2176
|
+
# example, for the header name `sample`, WAF inserts the header
|
2178
2177
|
# `x-amzn-waf-sample`.
|
2179
2178
|
# @return [String]
|
2180
2179
|
#
|
@@ -2196,7 +2195,7 @@ module Aws::WAFV2
|
|
2196
2195
|
# allow and count.
|
2197
2196
|
#
|
2198
2197
|
# For information about customizing web requests and responses, see
|
2199
|
-
# [Customizing web requests and responses in
|
2198
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
2200
2199
|
# Developer Guide][2].
|
2201
2200
|
#
|
2202
2201
|
#
|
@@ -2221,8 +2220,8 @@ module Aws::WAFV2
|
|
2221
2220
|
# are not allowed.
|
2222
2221
|
#
|
2223
2222
|
# For information about the limits on count and size for custom
|
2224
|
-
# request and response settings, see [
|
2225
|
-
#
|
2223
|
+
# request and response settings, see [WAF quotas][1] in the [WAF
|
2224
|
+
# Developer Guide][2].
|
2226
2225
|
#
|
2227
2226
|
#
|
2228
2227
|
#
|
@@ -2243,7 +2242,7 @@ module Aws::WAFV2
|
|
2243
2242
|
# BlockAction.
|
2244
2243
|
#
|
2245
2244
|
# For information about customizing web requests and responses, see
|
2246
|
-
# [Customizing web requests and responses in
|
2245
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
2247
2246
|
# Developer Guide][2].
|
2248
2247
|
#
|
2249
2248
|
#
|
@@ -2270,7 +2269,7 @@ module Aws::WAFV2
|
|
2270
2269
|
#
|
2271
2270
|
# For a list of status codes that you can use in your custom
|
2272
2271
|
# reqponses, see [Supported status codes for custom response][1] in
|
2273
|
-
# the [
|
2272
|
+
# the [WAF Developer Guide][2].
|
2274
2273
|
#
|
2275
2274
|
#
|
2276
2275
|
#
|
@@ -2279,10 +2278,10 @@ module Aws::WAFV2
|
|
2279
2278
|
# @return [Integer]
|
2280
2279
|
#
|
2281
2280
|
# @!attribute [rw] custom_response_body_key
|
2282
|
-
# References the response body that you want
|
2283
|
-
#
|
2284
|
-
#
|
2285
|
-
#
|
2281
|
+
# References the response body that you want WAF to return to the web
|
2282
|
+
# request client. You can define a custom response for a rule action
|
2283
|
+
# or a default web ACL action that is set to block. To do this, you
|
2284
|
+
# first define the response body key and value in the
|
2286
2285
|
# `CustomResponseBodies` setting for the WebACL or RuleGroup where you
|
2287
2286
|
# want to use it. Then, in the rule action or web ACL default action
|
2288
2287
|
# `BlockAction` setting, you reference the response body using this
|
@@ -2294,8 +2293,8 @@ module Aws::WAFV2
|
|
2294
2293
|
# not allowed.
|
2295
2294
|
#
|
2296
2295
|
# For information about the limits on count and size for custom
|
2297
|
-
# request and response settings, see [
|
2298
|
-
#
|
2296
|
+
# request and response settings, see [WAF quotas][1] in the [WAF
|
2297
|
+
# Developer Guide][2].
|
2299
2298
|
#
|
2300
2299
|
#
|
2301
2300
|
#
|
@@ -2336,8 +2335,8 @@ module Aws::WAFV2
|
|
2336
2335
|
# must specify JSON content in the `ContentType` setting.
|
2337
2336
|
#
|
2338
2337
|
# For information about the limits on count and size for custom
|
2339
|
-
# request and response settings, see [
|
2340
|
-
#
|
2338
|
+
# request and response settings, see [WAF quotas][1] in the [WAF
|
2339
|
+
# Developer Guide][2].
|
2341
2340
|
#
|
2342
2341
|
#
|
2343
2342
|
#
|
@@ -2354,8 +2353,8 @@ module Aws::WAFV2
|
|
2354
2353
|
include Aws::Structure
|
2355
2354
|
end
|
2356
2355
|
|
2357
|
-
# In a WebACL, this is the action that you want
|
2358
|
-
#
|
2356
|
+
# In a WebACL, this is the action that you want WAF to perform when a
|
2357
|
+
# web request doesn't match any of the rules in the `WebACL`. The
|
2359
2358
|
# default action must be a terminating action, so you can't use count.
|
2360
2359
|
#
|
2361
2360
|
# @note When making an API call, you may pass DefaultAction
|
@@ -2387,11 +2386,11 @@ module Aws::WAFV2
|
|
2387
2386
|
# }
|
2388
2387
|
#
|
2389
2388
|
# @!attribute [rw] block
|
2390
|
-
# Specifies that
|
2389
|
+
# Specifies that WAF should block requests by default.
|
2391
2390
|
# @return [Types::BlockAction]
|
2392
2391
|
#
|
2393
2392
|
# @!attribute [rw] allow
|
2394
|
-
# Specifies that
|
2393
|
+
# Specifies that WAF should allow requests by default.
|
2395
2394
|
# @return [Types::AllowAction]
|
2396
2395
|
#
|
2397
2396
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DefaultAction AWS API Documentation
|
@@ -2416,14 +2415,14 @@ module Aws::WAFV2
|
|
2416
2415
|
# @return [String]
|
2417
2416
|
#
|
2418
2417
|
# @!attribute [rw] web_acl_lock_token
|
2419
|
-
# A token used for optimistic locking.
|
2420
|
-
#
|
2421
|
-
#
|
2418
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
2419
|
+
# and list requests, to mark the state of the entity at the time of
|
2420
|
+
# the request. To make changes to the entity associated with the
|
2422
2421
|
# token, you provide the token to operations like update and delete.
|
2423
|
-
#
|
2424
|
-
#
|
2425
|
-
#
|
2426
|
-
#
|
2422
|
+
# WAF uses the token to ensure that no changes have been made to the
|
2423
|
+
# entity since you last retrieved it. If a change has been made, the
|
2424
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
2425
|
+
# perform another get, and use the new token returned by that
|
2427
2426
|
# operation.
|
2428
2427
|
# @return [String]
|
2429
2428
|
#
|
@@ -2437,14 +2436,14 @@ module Aws::WAFV2
|
|
2437
2436
|
end
|
2438
2437
|
|
2439
2438
|
# @!attribute [rw] next_web_acl_lock_token
|
2440
|
-
# A token used for optimistic locking.
|
2441
|
-
#
|
2442
|
-
#
|
2439
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
2440
|
+
# and list requests, to mark the state of the entity at the time of
|
2441
|
+
# the request. To make changes to the entity associated with the
|
2443
2442
|
# token, you provide the token to operations like update and delete.
|
2444
|
-
#
|
2445
|
-
#
|
2446
|
-
#
|
2447
|
-
#
|
2443
|
+
# WAF uses the token to ensure that no changes have been made to the
|
2444
|
+
# entity since you last retrieved it. If a change has been made, the
|
2445
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
2446
|
+
# perform another get, and use the new token returned by that
|
2448
2447
|
# operation.
|
2449
2448
|
# @return [String]
|
2450
2449
|
#
|
@@ -2472,10 +2471,10 @@ module Aws::WAFV2
|
|
2472
2471
|
# @return [String]
|
2473
2472
|
#
|
2474
2473
|
# @!attribute [rw] scope
|
2475
|
-
# Specifies whether this is for an
|
2476
|
-
# a regional application. A regional application can be an
|
2477
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
2478
|
-
# API.
|
2474
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
2475
|
+
# for a regional application. A regional application can be an
|
2476
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
2477
|
+
# an AppSync GraphQL API.
|
2479
2478
|
#
|
2480
2479
|
# To work with CloudFront, you must also specify the Region US East
|
2481
2480
|
# (N. Virginia) as follows:
|
@@ -2493,14 +2492,14 @@ module Aws::WAFV2
|
|
2493
2492
|
# @return [String]
|
2494
2493
|
#
|
2495
2494
|
# @!attribute [rw] lock_token
|
2496
|
-
# A token used for optimistic locking.
|
2497
|
-
#
|
2498
|
-
#
|
2495
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
2496
|
+
# and list requests, to mark the state of the entity at the time of
|
2497
|
+
# the request. To make changes to the entity associated with the
|
2499
2498
|
# token, you provide the token to operations like update and delete.
|
2500
|
-
#
|
2501
|
-
#
|
2502
|
-
#
|
2503
|
-
#
|
2499
|
+
# WAF uses the token to ensure that no changes have been made to the
|
2500
|
+
# entity since you last retrieved it. If a change has been made, the
|
2501
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
2502
|
+
# perform another get, and use the new token returned by that
|
2504
2503
|
# operation.
|
2505
2504
|
# @return [String]
|
2506
2505
|
#
|
@@ -2585,10 +2584,10 @@ module Aws::WAFV2
|
|
2585
2584
|
# @return [String]
|
2586
2585
|
#
|
2587
2586
|
# @!attribute [rw] scope
|
2588
|
-
# Specifies whether this is for an
|
2589
|
-
# a regional application. A regional application can be an
|
2590
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
2591
|
-
# API.
|
2587
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
2588
|
+
# for a regional application. A regional application can be an
|
2589
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
2590
|
+
# an AppSync GraphQL API.
|
2592
2591
|
#
|
2593
2592
|
# To work with CloudFront, you must also specify the Region US East
|
2594
2593
|
# (N. Virginia) as follows:
|
@@ -2606,14 +2605,14 @@ module Aws::WAFV2
|
|
2606
2605
|
# @return [String]
|
2607
2606
|
#
|
2608
2607
|
# @!attribute [rw] lock_token
|
2609
|
-
# A token used for optimistic locking.
|
2610
|
-
#
|
2611
|
-
#
|
2608
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
2609
|
+
# and list requests, to mark the state of the entity at the time of
|
2610
|
+
# the request. To make changes to the entity associated with the
|
2612
2611
|
# token, you provide the token to operations like update and delete.
|
2613
|
-
#
|
2614
|
-
#
|
2615
|
-
#
|
2616
|
-
#
|
2612
|
+
# WAF uses the token to ensure that no changes have been made to the
|
2613
|
+
# entity since you last retrieved it. If a change has been made, the
|
2614
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
2615
|
+
# perform another get, and use the new token returned by that
|
2617
2616
|
# operation.
|
2618
2617
|
# @return [String]
|
2619
2618
|
#
|
@@ -2648,10 +2647,10 @@ module Aws::WAFV2
|
|
2648
2647
|
# @return [String]
|
2649
2648
|
#
|
2650
2649
|
# @!attribute [rw] scope
|
2651
|
-
# Specifies whether this is for an
|
2652
|
-
# a regional application. A regional application can be an
|
2653
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
2654
|
-
# API.
|
2650
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
2651
|
+
# for a regional application. A regional application can be an
|
2652
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
2653
|
+
# an AppSync GraphQL API.
|
2655
2654
|
#
|
2656
2655
|
# To work with CloudFront, you must also specify the Region US East
|
2657
2656
|
# (N. Virginia) as follows:
|
@@ -2669,14 +2668,14 @@ module Aws::WAFV2
|
|
2669
2668
|
# @return [String]
|
2670
2669
|
#
|
2671
2670
|
# @!attribute [rw] lock_token
|
2672
|
-
# A token used for optimistic locking.
|
2673
|
-
#
|
2674
|
-
#
|
2671
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
2672
|
+
# and list requests, to mark the state of the entity at the time of
|
2673
|
+
# the request. To make changes to the entity associated with the
|
2675
2674
|
# token, you provide the token to operations like update and delete.
|
2676
|
-
#
|
2677
|
-
#
|
2678
|
-
#
|
2679
|
-
#
|
2675
|
+
# WAF uses the token to ensure that no changes have been made to the
|
2676
|
+
# entity since you last retrieved it. If a change has been made, the
|
2677
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
2678
|
+
# perform another get, and use the new token returned by that
|
2680
2679
|
# operation.
|
2681
2680
|
# @return [String]
|
2682
2681
|
#
|
@@ -2706,15 +2705,15 @@ module Aws::WAFV2
|
|
2706
2705
|
# }
|
2707
2706
|
#
|
2708
2707
|
# @!attribute [rw] name
|
2709
|
-
# The name of the
|
2708
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
2710
2709
|
# after you create it.
|
2711
2710
|
# @return [String]
|
2712
2711
|
#
|
2713
2712
|
# @!attribute [rw] scope
|
2714
|
-
# Specifies whether this is for an
|
2715
|
-
# a regional application. A regional application can be an
|
2716
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
2717
|
-
# API.
|
2713
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
2714
|
+
# for a regional application. A regional application can be an
|
2715
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
2716
|
+
# an AppSync GraphQL API.
|
2718
2717
|
#
|
2719
2718
|
# To work with CloudFront, you must also specify the Region US East
|
2720
2719
|
# (N. Virginia) as follows:
|
@@ -2726,20 +2725,20 @@ module Aws::WAFV2
|
|
2726
2725
|
# @return [String]
|
2727
2726
|
#
|
2728
2727
|
# @!attribute [rw] id
|
2729
|
-
# The unique identifier for the
|
2728
|
+
# The unique identifier for the web ACL. This ID is returned in the
|
2730
2729
|
# responses to create and list commands. You provide it to operations
|
2731
2730
|
# like update and delete.
|
2732
2731
|
# @return [String]
|
2733
2732
|
#
|
2734
2733
|
# @!attribute [rw] lock_token
|
2735
|
-
# A token used for optimistic locking.
|
2736
|
-
#
|
2737
|
-
#
|
2734
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
2735
|
+
# and list requests, to mark the state of the entity at the time of
|
2736
|
+
# the request. To make changes to the entity associated with the
|
2738
2737
|
# token, you provide the token to operations like update and delete.
|
2739
|
-
#
|
2740
|
-
#
|
2741
|
-
#
|
2742
|
-
#
|
2738
|
+
# WAF uses the token to ensure that no changes have been made to the
|
2739
|
+
# entity since you last retrieved it. If a change has been made, the
|
2740
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
2741
|
+
# perform another get, and use the new token returned by that
|
2743
2742
|
# operation.
|
2744
2743
|
# @return [String]
|
2745
2744
|
#
|
@@ -2778,10 +2777,10 @@ module Aws::WAFV2
|
|
2778
2777
|
# @return [String]
|
2779
2778
|
#
|
2780
2779
|
# @!attribute [rw] scope
|
2781
|
-
# Specifies whether this is for an
|
2782
|
-
# a regional application. A regional application can be an
|
2783
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
2784
|
-
# API.
|
2780
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
2781
|
+
# for a regional application. A regional application can be an
|
2782
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
2783
|
+
# an AppSync GraphQL API.
|
2785
2784
|
#
|
2786
2785
|
# To work with CloudFront, you must also specify the Region US East
|
2787
2786
|
# (N. Virginia) as follows:
|
@@ -2803,10 +2802,10 @@ module Aws::WAFV2
|
|
2803
2802
|
end
|
2804
2803
|
|
2805
2804
|
# @!attribute [rw] capacity
|
2806
|
-
# The web ACL capacity units (WCUs) required for this rule group.
|
2807
|
-
#
|
2805
|
+
# The web ACL capacity units (WCUs) required for this rule group. WAF
|
2806
|
+
# uses web ACL capacity units (WCU) to calculate and control the
|
2808
2807
|
# operating resources that are used to run your rules, rule groups,
|
2809
|
-
# and web ACLs.
|
2808
|
+
# and web ACLs. WAF calculates capacity differently for each rule
|
2810
2809
|
# type, to reflect each rule's relative cost. Rule group capacity is
|
2811
2810
|
# fixed at creation, so users can plan their web ACL WCU usage when
|
2812
2811
|
# they use a rule group. The WCU limit for web ACLs is 1,500.
|
@@ -2824,18 +2823,18 @@ module Aws::WAFV2
|
|
2824
2823
|
#
|
2825
2824
|
# `awswaf:managed:<vendor>:<rule group name>`\:
|
2826
2825
|
#
|
2827
|
-
# * When a rule with a label matches a web request,
|
2828
|
-
#
|
2829
|
-
#
|
2830
|
-
#
|
2831
|
-
# by a colon:
|
2826
|
+
# * When a rule with a label matches a web request, WAF adds the fully
|
2827
|
+
# qualified label to the request. A fully qualified label is made up
|
2828
|
+
# of the label namespace from the rule group or web ACL where the
|
2829
|
+
# rule is defined and the label from the rule, separated by a colon:
|
2832
2830
|
#
|
2833
2831
|
# `<label namespace>:<label from rule>`
|
2834
2832
|
# @return [String]
|
2835
2833
|
#
|
2836
2834
|
# @!attribute [rw] available_labels
|
2837
2835
|
# The labels that one or more rules in this rule group add to matching
|
2838
|
-
# web
|
2836
|
+
# web requests. These labels are defined in the `RuleLabels` for a
|
2837
|
+
# Rule.
|
2839
2838
|
# @return [Array<Types::LabelSummary>]
|
2840
2839
|
#
|
2841
2840
|
# @!attribute [rw] consumed_labels
|
@@ -2874,7 +2873,7 @@ module Aws::WAFV2
|
|
2874
2873
|
# `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
2875
2874
|
# `
|
2876
2875
|
#
|
2877
|
-
# * For an API Gateway REST API:
|
2876
|
+
# * For an Amazon API Gateway REST API:
|
2878
2877
|
# `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
|
2879
2878
|
#
|
2880
2879
|
# * For an AppSync GraphQL API:
|
@@ -2917,12 +2916,12 @@ module Aws::WAFV2
|
|
2917
2916
|
include Aws::Structure
|
2918
2917
|
end
|
2919
2918
|
|
2920
|
-
# The part of a web request that you want
|
2921
|
-
#
|
2922
|
-
#
|
2923
|
-
#
|
2924
|
-
#
|
2925
|
-
#
|
2919
|
+
# The part of a web request that you want WAF to inspect. Include the
|
2920
|
+
# single `FieldToMatch` type that you want to inspect, with additional
|
2921
|
+
# specifications as needed, according to the type. You specify a single
|
2922
|
+
# request component in `FieldToMatch` for each rule statement that
|
2923
|
+
# requires it. To inspect more than one component of a web request,
|
2924
|
+
# create a separate rule statement for each component.
|
2926
2925
|
#
|
2927
2926
|
# @note When making an API call, you may pass FieldToMatch
|
2928
2927
|
# data as a hash:
|
@@ -2968,8 +2967,8 @@ module Aws::WAFV2
|
|
2968
2967
|
# argument to inspect, such as *UserName* or *SalesRegion*. The name
|
2969
2968
|
# can be up to 30 characters long and isn't case sensitive.
|
2970
2969
|
#
|
2971
|
-
# This is used only to indicate the web request component for
|
2972
|
-
#
|
2970
|
+
# This is used only to indicate the web request component for WAF to
|
2971
|
+
# inspect, in the FieldToMatch specification.
|
2973
2972
|
#
|
2974
2973
|
# Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
|
2975
2974
|
# @return [Types::SingleQueryArgument]
|
@@ -2995,12 +2994,12 @@ module Aws::WAFV2
|
|
2995
2994
|
# server as the HTTP request body, such as data from a form.
|
2996
2995
|
#
|
2997
2996
|
# Note that only the first 8 KB (8192 bytes) of the request body are
|
2998
|
-
# forwarded to
|
2999
|
-
#
|
2997
|
+
# forwarded to WAF for inspection by the underlying host service. If
|
2998
|
+
# you don't need to inspect more than 8 KB, you can guarantee that
|
3000
2999
|
# you don't allow additional bytes in by combining a statement that
|
3001
3000
|
# inspects the body of the web request, such as ByteMatchStatement or
|
3002
3001
|
# RegexPatternSetReferenceStatement, with a SizeConstraintStatement
|
3003
|
-
# that enforces an 8 KB size limit on the body of the request.
|
3002
|
+
# that enforces an 8 KB size limit on the body of the request. WAF
|
3004
3003
|
# doesn't support inspecting the entire contents of web requests
|
3005
3004
|
# whose bodies exceed the 8 KB limit.
|
3006
3005
|
# @return [Types::Body]
|
@@ -3017,12 +3016,12 @@ module Aws::WAFV2
|
|
3017
3016
|
# server as the HTTP request body, such as data from a form.
|
3018
3017
|
#
|
3019
3018
|
# Note that only the first 8 KB (8192 bytes) of the request body are
|
3020
|
-
# forwarded to
|
3021
|
-
#
|
3019
|
+
# forwarded to WAF for inspection by the underlying host service. If
|
3020
|
+
# you don't need to inspect more than 8 KB, you can guarantee that
|
3022
3021
|
# you don't allow additional bytes in by combining a statement that
|
3023
3022
|
# inspects the body of the web request, such as ByteMatchStatement or
|
3024
3023
|
# RegexPatternSetReferenceStatement, with a SizeConstraintStatement
|
3025
|
-
# that enforces an 8 KB size limit on the body of the request.
|
3024
|
+
# that enforces an 8 KB size limit on the body of the request. WAF
|
3026
3025
|
# doesn't support inspecting the entire contents of web requests
|
3027
3026
|
# whose bodies exceed the 8 KB limit.
|
3028
3027
|
# @return [Types::JsonBody]
|
@@ -3087,7 +3086,7 @@ module Aws::WAFV2
|
|
3087
3086
|
include Aws::Structure
|
3088
3087
|
end
|
3089
3088
|
|
3090
|
-
# A rule group that's defined for an
|
3089
|
+
# A rule group that's defined for an Firewall Manager WAF policy.
|
3091
3090
|
#
|
3092
3091
|
# @!attribute [rw] name
|
3093
3092
|
# The name of the rule group. You cannot change the name of a rule
|
@@ -3096,15 +3095,15 @@ module Aws::WAFV2
|
|
3096
3095
|
#
|
3097
3096
|
# @!attribute [rw] priority
|
3098
3097
|
# If you define more than one rule group in the first or last Firewall
|
3099
|
-
# Manager rule groups,
|
3098
|
+
# Manager rule groups, WAF evaluates each request against the rule
|
3100
3099
|
# groups in order, starting from the lowest priority setting. The
|
3101
3100
|
# priorities don't need to be consecutive, but they must all be
|
3102
3101
|
# different.
|
3103
3102
|
# @return [Integer]
|
3104
3103
|
#
|
3105
3104
|
# @!attribute [rw] firewall_manager_statement
|
3106
|
-
# The processing guidance for an
|
3107
|
-
#
|
3105
|
+
# The processing guidance for an Firewall Manager rule. This is like a
|
3106
|
+
# regular rule Statement, but it can only contain a rule group
|
3108
3107
|
# reference.
|
3109
3108
|
# @return [Types::FirewallManagerStatement]
|
3110
3109
|
#
|
@@ -3144,8 +3143,8 @@ module Aws::WAFV2
|
|
3144
3143
|
include Aws::Structure
|
3145
3144
|
end
|
3146
3145
|
|
3147
|
-
# The processing guidance for an
|
3148
|
-
#
|
3146
|
+
# The processing guidance for an Firewall Manager rule. This is like a
|
3147
|
+
# regular rule Statement, but it can only contain a rule group
|
3149
3148
|
# reference.
|
3150
3149
|
#
|
3151
3150
|
# @!attribute [rw] managed_rule_group_statement
|
@@ -3154,7 +3153,7 @@ module Aws::WAFV2
|
|
3154
3153
|
# rule group in this statement. You can retrieve the required names by
|
3155
3154
|
# calling ListAvailableManagedRuleGroups.
|
3156
3155
|
#
|
3157
|
-
# You
|
3156
|
+
# You cannot nest a `ManagedRuleGroupStatement`, for example for use
|
3158
3157
|
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
3159
3158
|
# as a top-level statement within a rule.
|
3160
3159
|
# @return [Types::ManagedRuleGroupStatement]
|
@@ -3183,8 +3182,8 @@ module Aws::WAFV2
|
|
3183
3182
|
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
3184
3183
|
# header, but you can specify any header name.
|
3185
3184
|
#
|
3186
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
3187
|
-
#
|
3185
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
3186
|
+
# apply the rule to the web request at all.
|
3188
3187
|
#
|
3189
3188
|
# </note>
|
3190
3189
|
#
|
@@ -3192,8 +3191,8 @@ module Aws::WAFV2
|
|
3192
3191
|
# RateBasedStatement. For IPSetReferenceStatement, use
|
3193
3192
|
# IPSetForwardedIPConfig instead.
|
3194
3193
|
#
|
3195
|
-
#
|
3196
|
-
#
|
3194
|
+
# WAF only evaluates the first IP address found in the specified HTTP
|
3195
|
+
# header.
|
3197
3196
|
#
|
3198
3197
|
# @note When making an API call, you may pass ForwardedIPConfig
|
3199
3198
|
# data as a hash:
|
@@ -3208,8 +3207,8 @@ module Aws::WAFV2
|
|
3208
3207
|
# to use the X-Forwarded-For (XFF) header, set this to
|
3209
3208
|
# `X-Forwarded-For`.
|
3210
3209
|
#
|
3211
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
3212
|
-
#
|
3210
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
3211
|
+
# apply the rule to the web request at all.
|
3213
3212
|
#
|
3214
3213
|
# </note>
|
3215
3214
|
# @return [String]
|
@@ -3218,15 +3217,15 @@ module Aws::WAFV2
|
|
3218
3217
|
# The match status to assign to the web request if the request
|
3219
3218
|
# doesn't have a valid IP address in the specified position.
|
3220
3219
|
#
|
3221
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
3222
|
-
#
|
3220
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
3221
|
+
# apply the rule to the web request at all.
|
3223
3222
|
#
|
3224
3223
|
# </note>
|
3225
3224
|
#
|
3226
3225
|
# You can specify the following fallback behaviors:
|
3227
3226
|
#
|
3228
3227
|
# * `MATCH` - Treat the web request as matching the rule statement.
|
3229
|
-
#
|
3228
|
+
# WAF applies the rule action to the request.
|
3230
3229
|
#
|
3231
3230
|
# * `NO_MATCH` - Treat the web request as not matching the rule
|
3232
3231
|
# statement.
|
@@ -3267,8 +3266,8 @@ module Aws::WAFV2
|
|
3267
3266
|
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
3268
3267
|
# header, but you can specify any header name.
|
3269
3268
|
#
|
3270
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
3271
|
-
#
|
3269
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
3270
|
+
# apply the rule to the web request at all.
|
3272
3271
|
#
|
3273
3272
|
# </note>
|
3274
3273
|
# @return [Types::ForwardedIPConfig]
|
@@ -3297,10 +3296,10 @@ module Aws::WAFV2
|
|
3297
3296
|
# @return [String]
|
3298
3297
|
#
|
3299
3298
|
# @!attribute [rw] scope
|
3300
|
-
# Specifies whether this is for an
|
3301
|
-
# a regional application. A regional application can be an
|
3302
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
3303
|
-
# API.
|
3299
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
3300
|
+
# for a regional application. A regional application can be an
|
3301
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
3302
|
+
# an AppSync GraphQL API.
|
3304
3303
|
#
|
3305
3304
|
# To work with CloudFront, you must also specify the Region US East
|
3306
3305
|
# (N. Virginia) as follows:
|
@@ -3331,14 +3330,14 @@ module Aws::WAFV2
|
|
3331
3330
|
# @return [Types::IPSet]
|
3332
3331
|
#
|
3333
3332
|
# @!attribute [rw] lock_token
|
3334
|
-
# A token used for optimistic locking.
|
3335
|
-
#
|
3336
|
-
#
|
3333
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
3334
|
+
# and list requests, to mark the state of the entity at the time of
|
3335
|
+
# the request. To make changes to the entity associated with the
|
3337
3336
|
# token, you provide the token to operations like update and delete.
|
3338
|
-
#
|
3339
|
-
#
|
3340
|
-
#
|
3341
|
-
#
|
3337
|
+
# WAF uses the token to ensure that no changes have been made to the
|
3338
|
+
# entity since you last retrieved it. If a change has been made, the
|
3339
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
3340
|
+
# perform another get, and use the new token returned by that
|
3342
3341
|
# operation.
|
3343
3342
|
# @return [String]
|
3344
3343
|
#
|
@@ -3426,10 +3425,10 @@ module Aws::WAFV2
|
|
3426
3425
|
# }
|
3427
3426
|
#
|
3428
3427
|
# @!attribute [rw] scope
|
3429
|
-
# Specifies whether this is for an
|
3430
|
-
# a regional application. A regional application can be an
|
3431
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
3432
|
-
# API.
|
3428
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
3429
|
+
# for a regional application. A regional application can be an
|
3430
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
3431
|
+
# an AppSync GraphQL API.
|
3433
3432
|
#
|
3434
3433
|
# To work with CloudFront, you must also specify the Region US East
|
3435
3434
|
# (N. Virginia) as follows:
|
@@ -3441,12 +3440,12 @@ module Aws::WAFV2
|
|
3441
3440
|
# @return [String]
|
3442
3441
|
#
|
3443
3442
|
# @!attribute [rw] web_acl_name
|
3444
|
-
# The name of the
|
3443
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
3445
3444
|
# after you create it.
|
3446
3445
|
# @return [String]
|
3447
3446
|
#
|
3448
3447
|
# @!attribute [rw] web_acl_id
|
3449
|
-
# The unique identifier for the
|
3448
|
+
# The unique identifier for the web ACL. This ID is returned in the
|
3450
3449
|
# responses to create and list commands. You provide it to operations
|
3451
3450
|
# like update and delete.
|
3452
3451
|
# @return [String]
|
@@ -3498,10 +3497,10 @@ module Aws::WAFV2
|
|
3498
3497
|
# @return [String]
|
3499
3498
|
#
|
3500
3499
|
# @!attribute [rw] scope
|
3501
|
-
# Specifies whether this is for an
|
3502
|
-
# a regional application. A regional application can be an
|
3503
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
3504
|
-
# API.
|
3500
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
3501
|
+
# for a regional application. A regional application can be an
|
3502
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
3503
|
+
# an AppSync GraphQL API.
|
3505
3504
|
#
|
3506
3505
|
# To work with CloudFront, you must also specify the Region US East
|
3507
3506
|
# (N. Virginia) as follows:
|
@@ -3532,14 +3531,14 @@ module Aws::WAFV2
|
|
3532
3531
|
# @return [Types::RegexPatternSet]
|
3533
3532
|
#
|
3534
3533
|
# @!attribute [rw] lock_token
|
3535
|
-
# A token used for optimistic locking.
|
3536
|
-
#
|
3537
|
-
#
|
3534
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
3535
|
+
# and list requests, to mark the state of the entity at the time of
|
3536
|
+
# the request. To make changes to the entity associated with the
|
3538
3537
|
# token, you provide the token to operations like update and delete.
|
3539
|
-
#
|
3540
|
-
#
|
3541
|
-
#
|
3542
|
-
#
|
3538
|
+
# WAF uses the token to ensure that no changes have been made to the
|
3539
|
+
# entity since you last retrieved it. If a change has been made, the
|
3540
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
3541
|
+
# perform another get, and use the new token returned by that
|
3543
3542
|
# operation.
|
3544
3543
|
# @return [String]
|
3545
3544
|
#
|
@@ -3556,9 +3555,10 @@ module Aws::WAFV2
|
|
3556
3555
|
# data as a hash:
|
3557
3556
|
#
|
3558
3557
|
# {
|
3559
|
-
# name: "EntityName",
|
3560
|
-
# scope: "CLOUDFRONT", #
|
3561
|
-
# id: "EntityId",
|
3558
|
+
# name: "EntityName",
|
3559
|
+
# scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
|
3560
|
+
# id: "EntityId",
|
3561
|
+
# arn: "ResourceArn",
|
3562
3562
|
# }
|
3563
3563
|
#
|
3564
3564
|
# @!attribute [rw] name
|
@@ -3567,10 +3567,10 @@ module Aws::WAFV2
|
|
3567
3567
|
# @return [String]
|
3568
3568
|
#
|
3569
3569
|
# @!attribute [rw] scope
|
3570
|
-
# Specifies whether this is for an
|
3571
|
-
# a regional application. A regional application can be an
|
3572
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
3573
|
-
# API.
|
3570
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
3571
|
+
# for a regional application. A regional application can be an
|
3572
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
3573
|
+
# an AppSync GraphQL API.
|
3574
3574
|
#
|
3575
3575
|
# To work with CloudFront, you must also specify the Region US East
|
3576
3576
|
# (N. Virginia) as follows:
|
@@ -3587,12 +3587,17 @@ module Aws::WAFV2
|
|
3587
3587
|
# like update and delete.
|
3588
3588
|
# @return [String]
|
3589
3589
|
#
|
3590
|
+
# @!attribute [rw] arn
|
3591
|
+
# The Amazon Resource Name (ARN) of the entity.
|
3592
|
+
# @return [String]
|
3593
|
+
#
|
3590
3594
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRuleGroupRequest AWS API Documentation
|
3591
3595
|
#
|
3592
3596
|
class GetRuleGroupRequest < Struct.new(
|
3593
3597
|
:name,
|
3594
3598
|
:scope,
|
3595
|
-
:id
|
3599
|
+
:id,
|
3600
|
+
:arn)
|
3596
3601
|
SENSITIVE = []
|
3597
3602
|
include Aws::Structure
|
3598
3603
|
end
|
@@ -3601,14 +3606,14 @@ module Aws::WAFV2
|
|
3601
3606
|
# @return [Types::RuleGroup]
|
3602
3607
|
#
|
3603
3608
|
# @!attribute [rw] lock_token
|
3604
|
-
# A token used for optimistic locking.
|
3605
|
-
#
|
3606
|
-
#
|
3609
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
3610
|
+
# and list requests, to mark the state of the entity at the time of
|
3611
|
+
# the request. To make changes to the entity associated with the
|
3607
3612
|
# token, you provide the token to operations like update and delete.
|
3608
|
-
#
|
3609
|
-
#
|
3610
|
-
#
|
3611
|
-
#
|
3613
|
+
# WAF uses the token to ensure that no changes have been made to the
|
3614
|
+
# entity since you last retrieved it. If a change has been made, the
|
3615
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
3616
|
+
# perform another get, and use the new token returned by that
|
3612
3617
|
# operation.
|
3613
3618
|
# @return [String]
|
3614
3619
|
#
|
@@ -3646,10 +3651,10 @@ module Aws::WAFV2
|
|
3646
3651
|
# @return [String]
|
3647
3652
|
#
|
3648
3653
|
# @!attribute [rw] scope
|
3649
|
-
# Specifies whether this is for an
|
3650
|
-
# a regional application. A regional application can be an
|
3651
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
3652
|
-
# API.
|
3654
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
3655
|
+
# for a regional application. A regional application can be an
|
3656
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
3657
|
+
# an AppSync GraphQL API.
|
3653
3658
|
#
|
3654
3659
|
# To work with CloudFront, you must also specify the Region US East
|
3655
3660
|
# (N. Virginia) as follows:
|
@@ -3667,15 +3672,15 @@ module Aws::WAFV2
|
|
3667
3672
|
# format. UTC format includes the special designator, `Z`. For
|
3668
3673
|
# example, `"2016-09-27T14:50Z"`. You can specify any time range in
|
3669
3674
|
# the previous three hours. If you specify a start time that's
|
3670
|
-
# earlier than three hours ago,
|
3675
|
+
# earlier than three hours ago, WAF sets it to three hours ago.
|
3671
3676
|
# @return [Types::TimeWindow]
|
3672
3677
|
#
|
3673
3678
|
# @!attribute [rw] max_items
|
3674
|
-
# The number of requests that you want
|
3675
|
-
#
|
3676
|
-
# time range. If your resource received fewer requests than
|
3677
|
-
# of `MaxItems`, `GetSampledRequests` returns information
|
3678
|
-
# them.
|
3679
|
+
# The number of requests that you want WAF to return from among the
|
3680
|
+
# first 5,000 requests that your Amazon Web Services resource received
|
3681
|
+
# during the time range. If your resource received fewer requests than
|
3682
|
+
# the value of `MaxItems`, `GetSampledRequests` returns information
|
3683
|
+
# about all of them.
|
3679
3684
|
# @return [Integer]
|
3680
3685
|
#
|
3681
3686
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetSampledRequestsRequest AWS API Documentation
|
@@ -3698,17 +3703,17 @@ module Aws::WAFV2
|
|
3698
3703
|
# @!attribute [rw] population_size
|
3699
3704
|
# The total number of requests from which `GetSampledRequests` got a
|
3700
3705
|
# sample of `MaxItems` requests. If `PopulationSize` is less than
|
3701
|
-
# `MaxItems`, the sample includes every request that your
|
3702
|
-
# received during the specified time range.
|
3706
|
+
# `MaxItems`, the sample includes every request that your Amazon Web
|
3707
|
+
# Services resource received during the specified time range.
|
3703
3708
|
# @return [Integer]
|
3704
3709
|
#
|
3705
3710
|
# @!attribute [rw] time_window
|
3706
3711
|
# Usually, `TimeWindow` is the time range that you specified in the
|
3707
|
-
# `GetSampledRequests` request. However, if your
|
3708
|
-
# more than 5,000 requests during the time range
|
3709
|
-
# the request, `GetSampledRequests` returns the
|
3710
|
-
# first 5,000 requests. Times are in Coordinated
|
3711
|
-
# format.
|
3712
|
+
# `GetSampledRequests` request. However, if your Amazon Web Services
|
3713
|
+
# resource received more than 5,000 requests during the time range
|
3714
|
+
# that you specified in the request, `GetSampledRequests` returns the
|
3715
|
+
# time range for the first 5,000 requests. Times are in Coordinated
|
3716
|
+
# Universal Time (UTC) format.
|
3712
3717
|
# @return [Types::TimeWindow]
|
3713
3718
|
#
|
3714
3719
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetSampledRequestsResponse AWS API Documentation
|
@@ -3741,8 +3746,8 @@ module Aws::WAFV2
|
|
3741
3746
|
end
|
3742
3747
|
|
3743
3748
|
# @!attribute [rw] web_acl
|
3744
|
-
# The
|
3745
|
-
# associated resource,
|
3749
|
+
# The web ACL that is associated with the resource. If there is no
|
3750
|
+
# associated resource, WAF returns a null web ACL.
|
3746
3751
|
# @return [Types::WebACL]
|
3747
3752
|
#
|
3748
3753
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResourceResponse AWS API Documentation
|
@@ -3763,15 +3768,15 @@ module Aws::WAFV2
|
|
3763
3768
|
# }
|
3764
3769
|
#
|
3765
3770
|
# @!attribute [rw] name
|
3766
|
-
# The name of the
|
3771
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
3767
3772
|
# after you create it.
|
3768
3773
|
# @return [String]
|
3769
3774
|
#
|
3770
3775
|
# @!attribute [rw] scope
|
3771
|
-
# Specifies whether this is for an
|
3772
|
-
# a regional application. A regional application can be an
|
3773
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
3774
|
-
# API.
|
3776
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
3777
|
+
# for a regional application. A regional application can be an
|
3778
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
3779
|
+
# an AppSync GraphQL API.
|
3775
3780
|
#
|
3776
3781
|
# To work with CloudFront, you must also specify the Region US East
|
3777
3782
|
# (N. Virginia) as follows:
|
@@ -3783,7 +3788,7 @@ module Aws::WAFV2
|
|
3783
3788
|
# @return [String]
|
3784
3789
|
#
|
3785
3790
|
# @!attribute [rw] id
|
3786
|
-
# The unique identifier for the
|
3791
|
+
# The unique identifier for the web ACL. This ID is returned in the
|
3787
3792
|
# responses to create and list commands. You provide it to operations
|
3788
3793
|
# like update and delete.
|
3789
3794
|
# @return [String]
|
@@ -3799,19 +3804,19 @@ module Aws::WAFV2
|
|
3799
3804
|
end
|
3800
3805
|
|
3801
3806
|
# @!attribute [rw] web_acl
|
3802
|
-
# The
|
3803
|
-
# ACL and use it to update this
|
3807
|
+
# The web ACL specification. You can modify the settings in this web
|
3808
|
+
# ACL and use it to update this web ACL or create a new one.
|
3804
3809
|
# @return [Types::WebACL]
|
3805
3810
|
#
|
3806
3811
|
# @!attribute [rw] lock_token
|
3807
|
-
# A token used for optimistic locking.
|
3808
|
-
#
|
3809
|
-
#
|
3812
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
3813
|
+
# and list requests, to mark the state of the entity at the time of
|
3814
|
+
# the request. To make changes to the entity associated with the
|
3810
3815
|
# token, you provide the token to operations like update and delete.
|
3811
|
-
#
|
3812
|
-
#
|
3813
|
-
#
|
3814
|
-
#
|
3816
|
+
# WAF uses the token to ensure that no changes have been made to the
|
3817
|
+
# entity since you last retrieved it. If a change has been made, the
|
3818
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
3819
|
+
# perform another get, and use the new token returned by that
|
3815
3820
|
# operation.
|
3816
3821
|
# @return [String]
|
3817
3822
|
#
|
@@ -3905,13 +3910,12 @@ module Aws::WAFV2
|
|
3905
3910
|
end
|
3906
3911
|
|
3907
3912
|
# Contains one or more IP addresses or blocks of IP addresses specified
|
3908
|
-
# in Classless Inter-Domain Routing (CIDR) notation.
|
3909
|
-
#
|
3910
|
-
#
|
3911
|
-
# Routing][1].
|
3913
|
+
# in Classless Inter-Domain Routing (CIDR) notation. WAF supports all
|
3914
|
+
# IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR
|
3915
|
+
# notation, see the Wikipedia entry [Classless Inter-Domain Routing][1].
|
3912
3916
|
#
|
3913
|
-
#
|
3914
|
-
#
|
3917
|
+
# WAF assigns an ARN to each `IPSet` that you create. To use an IP set
|
3918
|
+
# in a rule, you provide the ARN to the Rule statement
|
3915
3919
|
# IPSetReferenceStatement.
|
3916
3920
|
#
|
3917
3921
|
#
|
@@ -3944,25 +3948,24 @@ module Aws::WAFV2
|
|
3944
3948
|
# @!attribute [rw] addresses
|
3945
3949
|
# Contains an array of strings that specify one or more IP addresses
|
3946
3950
|
# or blocks of IP addresses in Classless Inter-Domain Routing (CIDR)
|
3947
|
-
# notation.
|
3948
|
-
# /0.
|
3951
|
+
# notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
|
3949
3952
|
#
|
3950
3953
|
# Examples:
|
3951
3954
|
#
|
3952
|
-
# * To configure
|
3955
|
+
# * To configure WAF to allow, block, or count requests that
|
3953
3956
|
# originated from the IP address 192.0.2.44, specify
|
3954
3957
|
# `192.0.2.44/32`.
|
3955
3958
|
#
|
3956
|
-
# * To configure
|
3959
|
+
# * To configure WAF to allow, block, or count requests that
|
3957
3960
|
# originated from IP addresses from 192.0.2.0 to 192.0.2.255,
|
3958
3961
|
# specify `192.0.2.0/24`.
|
3959
3962
|
#
|
3960
|
-
# * To configure
|
3963
|
+
# * To configure WAF to allow, block, or count requests that
|
3961
3964
|
# originated from the IP address
|
3962
3965
|
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
3963
3966
|
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
3964
3967
|
#
|
3965
|
-
# * To configure
|
3968
|
+
# * To configure WAF to allow, block, or count requests that
|
3966
3969
|
# originated from IP addresses
|
3967
3970
|
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
3968
3971
|
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
@@ -3994,8 +3997,8 @@ module Aws::WAFV2
|
|
3994
3997
|
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
3995
3998
|
# header, but you can specify any header name.
|
3996
3999
|
#
|
3997
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
3998
|
-
#
|
4000
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
4001
|
+
# apply the rule to the web request at all.
|
3999
4002
|
#
|
4000
4003
|
# </note>
|
4001
4004
|
#
|
@@ -4017,8 +4020,8 @@ module Aws::WAFV2
|
|
4017
4020
|
# to use the X-Forwarded-For (XFF) header, set this to
|
4018
4021
|
# `X-Forwarded-For`.
|
4019
4022
|
#
|
4020
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
4021
|
-
#
|
4023
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
4024
|
+
# apply the rule to the web request at all.
|
4022
4025
|
#
|
4023
4026
|
# </note>
|
4024
4027
|
# @return [String]
|
@@ -4027,15 +4030,15 @@ module Aws::WAFV2
|
|
4027
4030
|
# The match status to assign to the web request if the request
|
4028
4031
|
# doesn't have a valid IP address in the specified position.
|
4029
4032
|
#
|
4030
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
4031
|
-
#
|
4033
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
4034
|
+
# apply the rule to the web request at all.
|
4032
4035
|
#
|
4033
4036
|
# </note>
|
4034
4037
|
#
|
4035
4038
|
# You can specify the following fallback behaviors:
|
4036
4039
|
#
|
4037
4040
|
# * `MATCH` - Treat the web request as matching the rule statement.
|
4038
|
-
#
|
4041
|
+
# WAF applies the rule action to the request.
|
4039
4042
|
#
|
4040
4043
|
# * `NO_MATCH` - Treat the web request as not matching the rule
|
4041
4044
|
# statement.
|
@@ -4057,8 +4060,8 @@ module Aws::WAFV2
|
|
4057
4060
|
# the header.
|
4058
4061
|
#
|
4059
4062
|
# * ANY - Inspect all IP addresses in the header for a match. If the
|
4060
|
-
# header contains more than 10 IP addresses,
|
4061
|
-
#
|
4063
|
+
# header contains more than 10 IP addresses, WAF inspects the last
|
4064
|
+
# 10.
|
4062
4065
|
# @return [String]
|
4063
4066
|
#
|
4064
4067
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetForwardedIPConfig AWS API Documentation
|
@@ -4078,8 +4081,8 @@ module Aws::WAFV2
|
|
4078
4081
|
#
|
4079
4082
|
# Each IP set rule statement references an IP set. You create and
|
4080
4083
|
# maintain the set independent of your rules. This allows you to use the
|
4081
|
-
# single set in multiple rules. When you update the referenced set,
|
4082
|
-
#
|
4084
|
+
# single set in multiple rules. When you update the referenced set, WAF
|
4085
|
+
# automatically updates all rules that reference it.
|
4083
4086
|
#
|
4084
4087
|
# @note When making an API call, you may pass IPSetReferenceStatement
|
4085
4088
|
# data as a hash:
|
@@ -4104,8 +4107,8 @@ module Aws::WAFV2
|
|
4104
4107
|
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
4105
4108
|
# header, but you can specify any header name.
|
4106
4109
|
#
|
4107
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
4108
|
-
#
|
4110
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
4111
|
+
# apply the rule to the web request at all.
|
4109
4112
|
#
|
4110
4113
|
# </note>
|
4111
4114
|
# @return [Types::IPSetForwardedIPConfig]
|
@@ -4140,14 +4143,14 @@ module Aws::WAFV2
|
|
4140
4143
|
# @return [String]
|
4141
4144
|
#
|
4142
4145
|
# @!attribute [rw] lock_token
|
4143
|
-
# A token used for optimistic locking.
|
4144
|
-
#
|
4145
|
-
#
|
4146
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
4147
|
+
# and list requests, to mark the state of the entity at the time of
|
4148
|
+
# the request. To make changes to the entity associated with the
|
4146
4149
|
# token, you provide the token to operations like update and delete.
|
4147
|
-
#
|
4148
|
-
#
|
4149
|
-
#
|
4150
|
-
#
|
4150
|
+
# WAF uses the token to ensure that no changes have been made to the
|
4151
|
+
# entity since you last retrieved it. If a change has been made, the
|
4152
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
4153
|
+
# perform another get, and use the new token returned by that
|
4151
4154
|
# operation.
|
4152
4155
|
# @return [String]
|
4153
4156
|
#
|
@@ -4172,7 +4175,7 @@ module Aws::WAFV2
|
|
4172
4175
|
# specification.
|
4173
4176
|
#
|
4174
4177
|
# Use the specifications in this object to indicate which parts of the
|
4175
|
-
# JSON body to inspect using the rule's inspection criteria.
|
4178
|
+
# JSON body to inspect using the rule's inspection criteria. WAF
|
4176
4179
|
# inspects only the parts of the JSON that result from the matches that
|
4177
4180
|
# you indicate.
|
4178
4181
|
#
|
@@ -4190,39 +4193,38 @@ module Aws::WAFV2
|
|
4190
4193
|
# }
|
4191
4194
|
#
|
4192
4195
|
# @!attribute [rw] match_pattern
|
4193
|
-
# The patterns to look for in the JSON body.
|
4194
|
-
#
|
4195
|
-
# criteria.
|
4196
|
+
# The patterns to look for in the JSON body. WAF inspects the results
|
4197
|
+
# of these pattern matches against the rule inspection criteria.
|
4196
4198
|
# @return [Types::JsonMatchPattern]
|
4197
4199
|
#
|
4198
4200
|
# @!attribute [rw] match_scope
|
4199
4201
|
# The parts of the JSON to match against using the `MatchPattern`. If
|
4200
|
-
# you specify `All`,
|
4202
|
+
# you specify `All`, WAF matches against keys and values.
|
4201
4203
|
# @return [String]
|
4202
4204
|
#
|
4203
4205
|
# @!attribute [rw] invalid_fallback_behavior
|
4204
|
-
# What
|
4205
|
-
#
|
4206
|
+
# What WAF should do if it fails to completely parse the JSON body.
|
4207
|
+
# The options are the following:
|
4206
4208
|
#
|
4207
|
-
# * `EVALUATE_AS_STRING` - Inspect the body as plain text.
|
4208
|
-
#
|
4209
|
-
#
|
4209
|
+
# * `EVALUATE_AS_STRING` - Inspect the body as plain text. WAF applies
|
4210
|
+
# the text transformations and inspection criteria that you defined
|
4211
|
+
# for the JSON inspection to the body text string.
|
4210
4212
|
#
|
4211
4213
|
# * `MATCH` - Treat the web request as matching the rule statement.
|
4212
|
-
#
|
4214
|
+
# WAF applies the rule action to the request.
|
4213
4215
|
#
|
4214
4216
|
# * `NO_MATCH` - Treat the web request as not matching the rule
|
4215
4217
|
# statement.
|
4216
4218
|
#
|
4217
|
-
# If you don't provide this setting,
|
4219
|
+
# If you don't provide this setting, WAF parses and evaluates the
|
4218
4220
|
# content only up to the first parsing failure that it encounters.
|
4219
4221
|
#
|
4220
|
-
#
|
4221
|
-
#
|
4222
|
+
# WAF does its best to parse the entire JSON body, but might be forced
|
4223
|
+
# to stop for reasons such as characters that aren't valid, duplicate
|
4222
4224
|
# keys, truncation, and any content whose root node isn't an object
|
4223
4225
|
# or an array.
|
4224
4226
|
#
|
4225
|
-
#
|
4227
|
+
# WAF parses the JSON in the following examples as two valid key,
|
4226
4228
|
# value pairs:
|
4227
4229
|
#
|
4228
4230
|
# * Missing comma: `\{"key1":"value1""key2":"value2"\}`
|
@@ -4242,9 +4244,9 @@ module Aws::WAFV2
|
|
4242
4244
|
include Aws::Structure
|
4243
4245
|
end
|
4244
4246
|
|
4245
|
-
# The patterns to look for in the JSON body.
|
4246
|
-
#
|
4247
|
-
#
|
4247
|
+
# The patterns to look for in the JSON body. WAF inspects the results of
|
4248
|
+
# these pattern matches against the rule inspection criteria. This is
|
4249
|
+
# used with the FieldToMatch option `JsonBody`.
|
4248
4250
|
#
|
4249
4251
|
# @note When making an API call, you may pass JsonMatchPattern
|
4250
4252
|
# data as a hash:
|
@@ -4326,8 +4328,8 @@ module Aws::WAFV2
|
|
4326
4328
|
# qualified labels have a prefix, optional namespaces, and label name.
|
4327
4329
|
# The prefix identifies the rule group or web ACL context of the rule
|
4328
4330
|
# that added the label. If you do not provide the fully qualified name
|
4329
|
-
# in your label match string,
|
4330
|
-
#
|
4331
|
+
# in your label match string, WAF performs the search for labels that
|
4332
|
+
# were added in the same context as the label match statement.
|
4331
4333
|
#
|
4332
4334
|
# @note When making an API call, you may pass LabelMatchStatement
|
4333
4335
|
# data as a hash:
|
@@ -4344,7 +4346,7 @@ module Aws::WAFV2
|
|
4344
4346
|
#
|
4345
4347
|
# @!attribute [rw] key
|
4346
4348
|
# The string to match against. The setting you provide for this
|
4347
|
-
# depends on the match statement's `Scope`
|
4349
|
+
# depends on the match statement's `Scope` setting:
|
4348
4350
|
#
|
4349
4351
|
# * If the `Scope` indicates `LABEL`, then this specification must
|
4350
4352
|
# include the name and can include any number of preceding namespace
|
@@ -4426,10 +4428,10 @@ module Aws::WAFV2
|
|
4426
4428
|
# }
|
4427
4429
|
#
|
4428
4430
|
# @!attribute [rw] scope
|
4429
|
-
# Specifies whether this is for an
|
4430
|
-
# a regional application. A regional application can be an
|
4431
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
4432
|
-
# API.
|
4431
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
4432
|
+
# for a regional application. A regional application can be an
|
4433
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
4434
|
+
# an AppSync GraphQL API.
|
4433
4435
|
#
|
4434
4436
|
# To work with CloudFront, you must also specify the Region US East
|
4435
4437
|
# (N. Virginia) as follows:
|
@@ -4443,16 +4445,16 @@ module Aws::WAFV2
|
|
4443
4445
|
# @!attribute [rw] next_marker
|
4444
4446
|
# When you request a list of objects with a `Limit` setting, if the
|
4445
4447
|
# number of objects that are still available for retrieval exceeds the
|
4446
|
-
# limit,
|
4447
|
-
#
|
4448
|
-
#
|
4448
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4449
|
+
# the next batch of objects, provide the marker from the prior call in
|
4450
|
+
# your next request.
|
4449
4451
|
# @return [String]
|
4450
4452
|
#
|
4451
4453
|
# @!attribute [rw] limit
|
4452
|
-
# The maximum number of objects that you want
|
4453
|
-
#
|
4454
|
-
#
|
4455
|
-
#
|
4454
|
+
# The maximum number of objects that you want WAF to return for this
|
4455
|
+
# request. If more objects are available, in the response, WAF
|
4456
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4457
|
+
# to get the next batch of objects.
|
4456
4458
|
# @return [Integer]
|
4457
4459
|
#
|
4458
4460
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsRequest AWS API Documentation
|
@@ -4468,9 +4470,9 @@ module Aws::WAFV2
|
|
4468
4470
|
# @!attribute [rw] next_marker
|
4469
4471
|
# When you request a list of objects with a `Limit` setting, if the
|
4470
4472
|
# number of objects that are still available for retrieval exceeds the
|
4471
|
-
# limit,
|
4472
|
-
#
|
4473
|
-
#
|
4473
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4474
|
+
# the next batch of objects, provide the marker from the prior call in
|
4475
|
+
# your next request.
|
4474
4476
|
# @return [String]
|
4475
4477
|
#
|
4476
4478
|
# @!attribute [rw] managed_rule_groups
|
@@ -4495,10 +4497,10 @@ module Aws::WAFV2
|
|
4495
4497
|
# }
|
4496
4498
|
#
|
4497
4499
|
# @!attribute [rw] scope
|
4498
|
-
# Specifies whether this is for an
|
4499
|
-
# a regional application. A regional application can be an
|
4500
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
4501
|
-
# API.
|
4500
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
4501
|
+
# for a regional application. A regional application can be an
|
4502
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
4503
|
+
# an AppSync GraphQL API.
|
4502
4504
|
#
|
4503
4505
|
# To work with CloudFront, you must also specify the Region US East
|
4504
4506
|
# (N. Virginia) as follows:
|
@@ -4512,16 +4514,16 @@ module Aws::WAFV2
|
|
4512
4514
|
# @!attribute [rw] next_marker
|
4513
4515
|
# When you request a list of objects with a `Limit` setting, if the
|
4514
4516
|
# number of objects that are still available for retrieval exceeds the
|
4515
|
-
# limit,
|
4516
|
-
#
|
4517
|
-
#
|
4517
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4518
|
+
# the next batch of objects, provide the marker from the prior call in
|
4519
|
+
# your next request.
|
4518
4520
|
# @return [String]
|
4519
4521
|
#
|
4520
4522
|
# @!attribute [rw] limit
|
4521
|
-
# The maximum number of objects that you want
|
4522
|
-
#
|
4523
|
-
#
|
4524
|
-
#
|
4523
|
+
# The maximum number of objects that you want WAF to return for this
|
4524
|
+
# request. If more objects are available, in the response, WAF
|
4525
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4526
|
+
# to get the next batch of objects.
|
4525
4527
|
# @return [Integer]
|
4526
4528
|
#
|
4527
4529
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsRequest AWS API Documentation
|
@@ -4537,9 +4539,9 @@ module Aws::WAFV2
|
|
4537
4539
|
# @!attribute [rw] next_marker
|
4538
4540
|
# When you request a list of objects with a `Limit` setting, if the
|
4539
4541
|
# number of objects that are still available for retrieval exceeds the
|
4540
|
-
# limit,
|
4541
|
-
#
|
4542
|
-
#
|
4542
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4543
|
+
# the next batch of objects, provide the marker from the prior call in
|
4544
|
+
# your next request.
|
4543
4545
|
# @return [String]
|
4544
4546
|
#
|
4545
4547
|
# @!attribute [rw] ip_sets
|
@@ -4566,10 +4568,10 @@ module Aws::WAFV2
|
|
4566
4568
|
# }
|
4567
4569
|
#
|
4568
4570
|
# @!attribute [rw] scope
|
4569
|
-
# Specifies whether this is for an
|
4570
|
-
# a regional application. A regional application can be an
|
4571
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
4572
|
-
# API.
|
4571
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
4572
|
+
# for a regional application. A regional application can be an
|
4573
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
4574
|
+
# an AppSync GraphQL API.
|
4573
4575
|
#
|
4574
4576
|
# To work with CloudFront, you must also specify the Region US East
|
4575
4577
|
# (N. Virginia) as follows:
|
@@ -4583,16 +4585,16 @@ module Aws::WAFV2
|
|
4583
4585
|
# @!attribute [rw] next_marker
|
4584
4586
|
# When you request a list of objects with a `Limit` setting, if the
|
4585
4587
|
# number of objects that are still available for retrieval exceeds the
|
4586
|
-
# limit,
|
4587
|
-
#
|
4588
|
-
#
|
4588
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4589
|
+
# the next batch of objects, provide the marker from the prior call in
|
4590
|
+
# your next request.
|
4589
4591
|
# @return [String]
|
4590
4592
|
#
|
4591
4593
|
# @!attribute [rw] limit
|
4592
|
-
# The maximum number of objects that you want
|
4593
|
-
#
|
4594
|
-
#
|
4595
|
-
#
|
4594
|
+
# The maximum number of objects that you want WAF to return for this
|
4595
|
+
# request. If more objects are available, in the response, WAF
|
4596
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4597
|
+
# to get the next batch of objects.
|
4596
4598
|
# @return [Integer]
|
4597
4599
|
#
|
4598
4600
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListLoggingConfigurationsRequest AWS API Documentation
|
@@ -4611,9 +4613,9 @@ module Aws::WAFV2
|
|
4611
4613
|
# @!attribute [rw] next_marker
|
4612
4614
|
# When you request a list of objects with a `Limit` setting, if the
|
4613
4615
|
# number of objects that are still available for retrieval exceeds the
|
4614
|
-
# limit,
|
4615
|
-
#
|
4616
|
-
#
|
4616
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4617
|
+
# the next batch of objects, provide the marker from the prior call in
|
4618
|
+
# your next request.
|
4617
4619
|
# @return [String]
|
4618
4620
|
#
|
4619
4621
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListLoggingConfigurationsResponse AWS API Documentation
|
@@ -4635,10 +4637,10 @@ module Aws::WAFV2
|
|
4635
4637
|
# }
|
4636
4638
|
#
|
4637
4639
|
# @!attribute [rw] scope
|
4638
|
-
# Specifies whether this is for an
|
4639
|
-
# a regional application. A regional application can be an
|
4640
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
4641
|
-
# API.
|
4640
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
4641
|
+
# for a regional application. A regional application can be an
|
4642
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
4643
|
+
# an AppSync GraphQL API.
|
4642
4644
|
#
|
4643
4645
|
# To work with CloudFront, you must also specify the Region US East
|
4644
4646
|
# (N. Virginia) as follows:
|
@@ -4652,16 +4654,16 @@ module Aws::WAFV2
|
|
4652
4654
|
# @!attribute [rw] next_marker
|
4653
4655
|
# When you request a list of objects with a `Limit` setting, if the
|
4654
4656
|
# number of objects that are still available for retrieval exceeds the
|
4655
|
-
# limit,
|
4656
|
-
#
|
4657
|
-
#
|
4657
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4658
|
+
# the next batch of objects, provide the marker from the prior call in
|
4659
|
+
# your next request.
|
4658
4660
|
# @return [String]
|
4659
4661
|
#
|
4660
4662
|
# @!attribute [rw] limit
|
4661
|
-
# The maximum number of objects that you want
|
4662
|
-
#
|
4663
|
-
#
|
4664
|
-
#
|
4663
|
+
# The maximum number of objects that you want WAF to return for this
|
4664
|
+
# request. If more objects are available, in the response, WAF
|
4665
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4666
|
+
# to get the next batch of objects.
|
4665
4667
|
# @return [Integer]
|
4666
4668
|
#
|
4667
4669
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListRegexPatternSetsRequest AWS API Documentation
|
@@ -4677,9 +4679,9 @@ module Aws::WAFV2
|
|
4677
4679
|
# @!attribute [rw] next_marker
|
4678
4680
|
# When you request a list of objects with a `Limit` setting, if the
|
4679
4681
|
# number of objects that are still available for retrieval exceeds the
|
4680
|
-
# limit,
|
4681
|
-
#
|
4682
|
-
#
|
4682
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4683
|
+
# the next batch of objects, provide the marker from the prior call in
|
4684
|
+
# your next request.
|
4683
4685
|
# @return [String]
|
4684
4686
|
#
|
4685
4687
|
# @!attribute [rw] regex_pattern_sets
|
@@ -4703,13 +4705,13 @@ module Aws::WAFV2
|
|
4703
4705
|
# }
|
4704
4706
|
#
|
4705
4707
|
# @!attribute [rw] web_acl_arn
|
4706
|
-
# The Amazon Resource Name (ARN) of the
|
4708
|
+
# The Amazon Resource Name (ARN) of the web ACL.
|
4707
4709
|
# @return [String]
|
4708
4710
|
#
|
4709
4711
|
# @!attribute [rw] resource_type
|
4710
4712
|
# Used for web ACLs that are scoped for regional applications. A
|
4711
4713
|
# regional application can be an Application Load Balancer (ALB), an
|
4712
|
-
# API Gateway REST API, or an AppSync GraphQL API.
|
4714
|
+
# Amazon API Gateway REST API, or an AppSync GraphQL API.
|
4713
4715
|
# @return [String]
|
4714
4716
|
#
|
4715
4717
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListResourcesForWebACLRequest AWS API Documentation
|
@@ -4744,10 +4746,10 @@ module Aws::WAFV2
|
|
4744
4746
|
# }
|
4745
4747
|
#
|
4746
4748
|
# @!attribute [rw] scope
|
4747
|
-
# Specifies whether this is for an
|
4748
|
-
# a regional application. A regional application can be an
|
4749
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
4750
|
-
# API.
|
4749
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
4750
|
+
# for a regional application. A regional application can be an
|
4751
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
4752
|
+
# an AppSync GraphQL API.
|
4751
4753
|
#
|
4752
4754
|
# To work with CloudFront, you must also specify the Region US East
|
4753
4755
|
# (N. Virginia) as follows:
|
@@ -4761,16 +4763,16 @@ module Aws::WAFV2
|
|
4761
4763
|
# @!attribute [rw] next_marker
|
4762
4764
|
# When you request a list of objects with a `Limit` setting, if the
|
4763
4765
|
# number of objects that are still available for retrieval exceeds the
|
4764
|
-
# limit,
|
4765
|
-
#
|
4766
|
-
#
|
4766
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4767
|
+
# the next batch of objects, provide the marker from the prior call in
|
4768
|
+
# your next request.
|
4767
4769
|
# @return [String]
|
4768
4770
|
#
|
4769
4771
|
# @!attribute [rw] limit
|
4770
|
-
# The maximum number of objects that you want
|
4771
|
-
#
|
4772
|
-
#
|
4773
|
-
#
|
4772
|
+
# The maximum number of objects that you want WAF to return for this
|
4773
|
+
# request. If more objects are available, in the response, WAF
|
4774
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4775
|
+
# to get the next batch of objects.
|
4774
4776
|
# @return [Integer]
|
4775
4777
|
#
|
4776
4778
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListRuleGroupsRequest AWS API Documentation
|
@@ -4786,9 +4788,9 @@ module Aws::WAFV2
|
|
4786
4788
|
# @!attribute [rw] next_marker
|
4787
4789
|
# When you request a list of objects with a `Limit` setting, if the
|
4788
4790
|
# number of objects that are still available for retrieval exceeds the
|
4789
|
-
# limit,
|
4790
|
-
#
|
4791
|
-
#
|
4791
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4792
|
+
# the next batch of objects, provide the marker from the prior call in
|
4793
|
+
# your next request.
|
4792
4794
|
# @return [String]
|
4793
4795
|
#
|
4794
4796
|
# @!attribute [rw] rule_groups
|
@@ -4815,16 +4817,16 @@ module Aws::WAFV2
|
|
4815
4817
|
# @!attribute [rw] next_marker
|
4816
4818
|
# When you request a list of objects with a `Limit` setting, if the
|
4817
4819
|
# number of objects that are still available for retrieval exceeds the
|
4818
|
-
# limit,
|
4819
|
-
#
|
4820
|
-
#
|
4820
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4821
|
+
# the next batch of objects, provide the marker from the prior call in
|
4822
|
+
# your next request.
|
4821
4823
|
# @return [String]
|
4822
4824
|
#
|
4823
4825
|
# @!attribute [rw] limit
|
4824
|
-
# The maximum number of objects that you want
|
4825
|
-
#
|
4826
|
-
#
|
4827
|
-
#
|
4826
|
+
# The maximum number of objects that you want WAF to return for this
|
4827
|
+
# request. If more objects are available, in the response, WAF
|
4828
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4829
|
+
# to get the next batch of objects.
|
4828
4830
|
# @return [Integer]
|
4829
4831
|
#
|
4830
4832
|
# @!attribute [rw] resource_arn
|
@@ -4844,9 +4846,9 @@ module Aws::WAFV2
|
|
4844
4846
|
# @!attribute [rw] next_marker
|
4845
4847
|
# When you request a list of objects with a `Limit` setting, if the
|
4846
4848
|
# number of objects that are still available for retrieval exceeds the
|
4847
|
-
# limit,
|
4848
|
-
#
|
4849
|
-
#
|
4849
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4850
|
+
# the next batch of objects, provide the marker from the prior call in
|
4851
|
+
# your next request.
|
4850
4852
|
# @return [String]
|
4851
4853
|
#
|
4852
4854
|
# @!attribute [rw] tag_info_for_resource
|
@@ -4872,10 +4874,10 @@ module Aws::WAFV2
|
|
4872
4874
|
# }
|
4873
4875
|
#
|
4874
4876
|
# @!attribute [rw] scope
|
4875
|
-
# Specifies whether this is for an
|
4876
|
-
# a regional application. A regional application can be an
|
4877
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
4878
|
-
# API.
|
4877
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
4878
|
+
# for a regional application. A regional application can be an
|
4879
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
4880
|
+
# an AppSync GraphQL API.
|
4879
4881
|
#
|
4880
4882
|
# To work with CloudFront, you must also specify the Region US East
|
4881
4883
|
# (N. Virginia) as follows:
|
@@ -4889,16 +4891,16 @@ module Aws::WAFV2
|
|
4889
4891
|
# @!attribute [rw] next_marker
|
4890
4892
|
# When you request a list of objects with a `Limit` setting, if the
|
4891
4893
|
# number of objects that are still available for retrieval exceeds the
|
4892
|
-
# limit,
|
4893
|
-
#
|
4894
|
-
#
|
4894
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4895
|
+
# the next batch of objects, provide the marker from the prior call in
|
4896
|
+
# your next request.
|
4895
4897
|
# @return [String]
|
4896
4898
|
#
|
4897
4899
|
# @!attribute [rw] limit
|
4898
|
-
# The maximum number of objects that you want
|
4899
|
-
#
|
4900
|
-
#
|
4901
|
-
#
|
4900
|
+
# The maximum number of objects that you want WAF to return for this
|
4901
|
+
# request. If more objects are available, in the response, WAF
|
4902
|
+
# provides a `NextMarker` value that you can use in a subsequent call
|
4903
|
+
# to get the next batch of objects.
|
4902
4904
|
# @return [Integer]
|
4903
4905
|
#
|
4904
4906
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListWebACLsRequest AWS API Documentation
|
@@ -4914,9 +4916,9 @@ module Aws::WAFV2
|
|
4914
4916
|
# @!attribute [rw] next_marker
|
4915
4917
|
# When you request a list of objects with a `Limit` setting, if the
|
4916
4918
|
# number of objects that are still available for retrieval exceeds the
|
4917
|
-
# limit,
|
4918
|
-
#
|
4919
|
-
#
|
4919
|
+
# limit, WAF returns a `NextMarker` value in the response. To retrieve
|
4920
|
+
# the next batch of objects, provide the marker from the prior call in
|
4921
|
+
# your next request.
|
4920
4922
|
# @return [String]
|
4921
4923
|
#
|
4922
4924
|
# @!attribute [rw] web_acls
|
@@ -4932,10 +4934,10 @@ module Aws::WAFV2
|
|
4932
4934
|
end
|
4933
4935
|
|
4934
4936
|
# Defines an association between Amazon Kinesis Data Firehose
|
4935
|
-
# destinations and a web ACL resource, for logging from
|
4936
|
-
#
|
4937
|
-
#
|
4938
|
-
#
|
4937
|
+
# destinations and a web ACL resource, for logging from WAF. As part of
|
4938
|
+
# the association, you can specify parts of the standard logging fields
|
4939
|
+
# to keep out of the logs and you can specify filters so that you log
|
4940
|
+
# only a subset of the logging records.
|
4939
4941
|
#
|
4940
4942
|
# @note When making an API call, you may pass LoggingConfiguration
|
4941
4943
|
# data as a hash:
|
@@ -5016,9 +5018,9 @@ module Aws::WAFV2
|
|
5016
5018
|
# @return [Array<Types::FieldToMatch>]
|
5017
5019
|
#
|
5018
5020
|
# @!attribute [rw] managed_by_firewall_manager
|
5019
|
-
# Indicates whether the logging configuration was created by
|
5020
|
-
#
|
5021
|
-
#
|
5021
|
+
# Indicates whether the logging configuration was created by Firewall
|
5022
|
+
# Manager, as part of an WAF policy configuration. If true, only
|
5023
|
+
# Firewall Manager can modify or delete the configuration.
|
5022
5024
|
# @return [Boolean]
|
5023
5025
|
#
|
5024
5026
|
# @!attribute [rw] logging_filter
|
@@ -5092,7 +5094,7 @@ module Aws::WAFV2
|
|
5092
5094
|
# rule group in this statement. You can retrieve the required names by
|
5093
5095
|
# calling ListAvailableManagedRuleGroups.
|
5094
5096
|
#
|
5095
|
-
# You
|
5097
|
+
# You cannot nest a `ManagedRuleGroupStatement`, for example for use
|
5096
5098
|
# inside a `NotStatement` or `OrStatement`. It can only be referenced as
|
5097
5099
|
# a top-level statement within a rule.
|
5098
5100
|
#
|
@@ -5140,7 +5142,7 @@ module Aws::WAFV2
|
|
5140
5142
|
# text_transformations: [ # required
|
5141
5143
|
# {
|
5142
5144
|
# priority: 1, # required
|
5143
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5145
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5144
5146
|
# },
|
5145
5147
|
# ],
|
5146
5148
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -5176,7 +5178,7 @@ module Aws::WAFV2
|
|
5176
5178
|
# text_transformations: [ # required
|
5177
5179
|
# {
|
5178
5180
|
# priority: 1, # required
|
5179
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5181
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5180
5182
|
# },
|
5181
5183
|
# ],
|
5182
5184
|
# },
|
@@ -5211,7 +5213,7 @@ module Aws::WAFV2
|
|
5211
5213
|
# text_transformations: [ # required
|
5212
5214
|
# {
|
5213
5215
|
# priority: 1, # required
|
5214
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5216
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5215
5217
|
# },
|
5216
5218
|
# ],
|
5217
5219
|
# },
|
@@ -5248,7 +5250,7 @@ module Aws::WAFV2
|
|
5248
5250
|
# text_transformations: [ # required
|
5249
5251
|
# {
|
5250
5252
|
# priority: 1, # required
|
5251
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5253
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5252
5254
|
# },
|
5253
5255
|
# ],
|
5254
5256
|
# },
|
@@ -5307,7 +5309,7 @@ module Aws::WAFV2
|
|
5307
5309
|
# text_transformations: [ # required
|
5308
5310
|
# {
|
5309
5311
|
# priority: 1, # required
|
5310
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5312
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5311
5313
|
# },
|
5312
5314
|
# ],
|
5313
5315
|
# },
|
@@ -5377,8 +5379,12 @@ module Aws::WAFV2
|
|
5377
5379
|
# @return [Array<Types::ExcludedRule>]
|
5378
5380
|
#
|
5379
5381
|
# @!attribute [rw] scope_down_statement
|
5380
|
-
#
|
5381
|
-
#
|
5382
|
+
# An optional nested statement that narrows the scope of the web
|
5383
|
+
# requests that are evaluated by the managed rule group. Requests are
|
5384
|
+
# only evaluated by the rule group if they match the scope-down
|
5385
|
+
# statement. You can use any nestable Statement in the scope-down
|
5386
|
+
# statement, and you can nest statements at any level, the same as you
|
5387
|
+
# can for a rule statement.
|
5382
5388
|
# @return [Types::Statement]
|
5383
5389
|
#
|
5384
5390
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupStatement AWS API Documentation
|
@@ -5396,9 +5402,9 @@ module Aws::WAFV2
|
|
5396
5402
|
# ListAvailableManagedRuleGroups. This provides information like the
|
5397
5403
|
# name and vendor name, that you provide when you add a
|
5398
5404
|
# ManagedRuleGroupStatement to a web ACL. Managed rule groups include
|
5399
|
-
#
|
5400
|
-
# customers, and
|
5401
|
-
# subscribe to through
|
5405
|
+
# Amazon Web Services Managed Rules rule groups, which are free of
|
5406
|
+
# charge to WAF customers, and Marketplace managed rule groups, which
|
5407
|
+
# you can subscribe to through Marketplace.
|
5402
5408
|
#
|
5403
5409
|
# @!attribute [rw] vendor_name
|
5404
5410
|
# The name of the managed rule group vendor. You use this, along with
|
@@ -5411,8 +5417,8 @@ module Aws::WAFV2
|
|
5411
5417
|
# @return [String]
|
5412
5418
|
#
|
5413
5419
|
# @!attribute [rw] description
|
5414
|
-
# The description of the managed rule group, provided by
|
5415
|
-
# Rules or the
|
5420
|
+
# The description of the managed rule group, provided by Amazon Web
|
5421
|
+
# Services Managed Rules or the Marketplace seller who manages it.
|
5416
5422
|
# @return [String]
|
5417
5423
|
#
|
5418
5424
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
|
@@ -5428,7 +5434,7 @@ module Aws::WAFV2
|
|
5428
5434
|
# The HTTP method of a web request. The method indicates the type of
|
5429
5435
|
# operation that the request is asking the origin to perform.
|
5430
5436
|
#
|
5431
|
-
# This is used only to indicate the web request component for
|
5437
|
+
# This is used only to indicate the web request component for WAF to
|
5432
5438
|
# inspect, in the FieldToMatch specification.
|
5433
5439
|
#
|
5434
5440
|
# @api private
|
@@ -5437,8 +5443,8 @@ module Aws::WAFV2
|
|
5437
5443
|
#
|
5438
5444
|
class Method < Aws::EmptyStructure; end
|
5439
5445
|
|
5440
|
-
# Specifies that
|
5441
|
-
#
|
5446
|
+
# Specifies that WAF should do nothing. This is generally used to try
|
5447
|
+
# out a rule without performing any actions. You set the
|
5442
5448
|
# `OverrideAction` on the Rule.
|
5443
5449
|
#
|
5444
5450
|
# This is used in the context of other settings, for example to specify
|
@@ -5490,7 +5496,7 @@ module Aws::WAFV2
|
|
5490
5496
|
# text_transformations: [ # required
|
5491
5497
|
# {
|
5492
5498
|
# priority: 1, # required
|
5493
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5499
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5494
5500
|
# },
|
5495
5501
|
# ],
|
5496
5502
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -5526,7 +5532,7 @@ module Aws::WAFV2
|
|
5526
5532
|
# text_transformations: [ # required
|
5527
5533
|
# {
|
5528
5534
|
# priority: 1, # required
|
5529
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5535
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5530
5536
|
# },
|
5531
5537
|
# ],
|
5532
5538
|
# },
|
@@ -5561,7 +5567,7 @@ module Aws::WAFV2
|
|
5561
5567
|
# text_transformations: [ # required
|
5562
5568
|
# {
|
5563
5569
|
# priority: 1, # required
|
5564
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5570
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5565
5571
|
# },
|
5566
5572
|
# ],
|
5567
5573
|
# },
|
@@ -5598,7 +5604,7 @@ module Aws::WAFV2
|
|
5598
5604
|
# text_transformations: [ # required
|
5599
5605
|
# {
|
5600
5606
|
# priority: 1, # required
|
5601
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5607
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5602
5608
|
# },
|
5603
5609
|
# ],
|
5604
5610
|
# },
|
@@ -5657,7 +5663,7 @@ module Aws::WAFV2
|
|
5657
5663
|
# text_transformations: [ # required
|
5658
5664
|
# {
|
5659
5665
|
# priority: 1, # required
|
5660
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5666
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5661
5667
|
# },
|
5662
5668
|
# ],
|
5663
5669
|
# },
|
@@ -5764,7 +5770,7 @@ module Aws::WAFV2
|
|
5764
5770
|
# text_transformations: [ # required
|
5765
5771
|
# {
|
5766
5772
|
# priority: 1, # required
|
5767
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5773
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5768
5774
|
# },
|
5769
5775
|
# ],
|
5770
5776
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -5800,7 +5806,7 @@ module Aws::WAFV2
|
|
5800
5806
|
# text_transformations: [ # required
|
5801
5807
|
# {
|
5802
5808
|
# priority: 1, # required
|
5803
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5809
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5804
5810
|
# },
|
5805
5811
|
# ],
|
5806
5812
|
# },
|
@@ -5835,7 +5841,7 @@ module Aws::WAFV2
|
|
5835
5841
|
# text_transformations: [ # required
|
5836
5842
|
# {
|
5837
5843
|
# priority: 1, # required
|
5838
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5844
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5839
5845
|
# },
|
5840
5846
|
# ],
|
5841
5847
|
# },
|
@@ -5872,7 +5878,7 @@ module Aws::WAFV2
|
|
5872
5878
|
# text_transformations: [ # required
|
5873
5879
|
# {
|
5874
5880
|
# priority: 1, # required
|
5875
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5881
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5876
5882
|
# },
|
5877
5883
|
# ],
|
5878
5884
|
# },
|
@@ -5931,7 +5937,7 @@ module Aws::WAFV2
|
|
5931
5937
|
# text_transformations: [ # required
|
5932
5938
|
# {
|
5933
5939
|
# priority: 1, # required
|
5934
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
5940
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
5935
5941
|
# },
|
5936
5942
|
# ],
|
5937
5943
|
# },
|
@@ -6154,8 +6160,8 @@ module Aws::WAFV2
|
|
6154
6160
|
# * `Effect` must specify `Allow`.
|
6155
6161
|
#
|
6156
6162
|
# * `Action` must specify `wafv2:CreateWebACL`, `wafv2:UpdateWebACL`,
|
6157
|
-
# and `wafv2:PutFirewallManagerRuleGroups`.
|
6158
|
-
#
|
6163
|
+
# and `wafv2:PutFirewallManagerRuleGroups`. WAF rejects any extra
|
6164
|
+
# actions or wildcard actions in the policy.
|
6159
6165
|
#
|
6160
6166
|
# * The policy must not include a `Resource` parameter.
|
6161
6167
|
#
|
@@ -6182,7 +6188,7 @@ module Aws::WAFV2
|
|
6182
6188
|
# The query string of a web request. This is the part of a URL that
|
6183
6189
|
# appears after a `?` character, if any.
|
6184
6190
|
#
|
6185
|
-
# This is used only to indicate the web request component for
|
6191
|
+
# This is used only to indicate the web request component for WAF to
|
6186
6192
|
# inspect, in the FieldToMatch specification.
|
6187
6193
|
#
|
6188
6194
|
# @api private
|
@@ -6197,8 +6203,8 @@ module Aws::WAFV2
|
|
6197
6203
|
# You can use this to put a temporary block on requests from an IP
|
6198
6204
|
# address that is sending excessive requests.
|
6199
6205
|
#
|
6200
|
-
# When the rule action triggers,
|
6201
|
-
#
|
6206
|
+
# When the rule action triggers, WAF blocks additional requests from the
|
6207
|
+
# IP address until the request rate falls below the limit.
|
6202
6208
|
#
|
6203
6209
|
# You can optionally nest another statement inside the rate-based
|
6204
6210
|
# statement, to narrow the scope of the rule so that it only counts
|
@@ -6263,7 +6269,7 @@ module Aws::WAFV2
|
|
6263
6269
|
# text_transformations: [ # required
|
6264
6270
|
# {
|
6265
6271
|
# priority: 1, # required
|
6266
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6272
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6267
6273
|
# },
|
6268
6274
|
# ],
|
6269
6275
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -6299,7 +6305,7 @@ module Aws::WAFV2
|
|
6299
6305
|
# text_transformations: [ # required
|
6300
6306
|
# {
|
6301
6307
|
# priority: 1, # required
|
6302
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6308
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6303
6309
|
# },
|
6304
6310
|
# ],
|
6305
6311
|
# },
|
@@ -6334,7 +6340,7 @@ module Aws::WAFV2
|
|
6334
6340
|
# text_transformations: [ # required
|
6335
6341
|
# {
|
6336
6342
|
# priority: 1, # required
|
6337
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6343
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6338
6344
|
# },
|
6339
6345
|
# ],
|
6340
6346
|
# },
|
@@ -6371,7 +6377,7 @@ module Aws::WAFV2
|
|
6371
6377
|
# text_transformations: [ # required
|
6372
6378
|
# {
|
6373
6379
|
# priority: 1, # required
|
6374
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6380
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6375
6381
|
# },
|
6376
6382
|
# ],
|
6377
6383
|
# },
|
@@ -6430,7 +6436,7 @@ module Aws::WAFV2
|
|
6430
6436
|
# text_transformations: [ # required
|
6431
6437
|
# {
|
6432
6438
|
# priority: 1, # required
|
6433
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6439
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6434
6440
|
# },
|
6435
6441
|
# ],
|
6436
6442
|
# },
|
@@ -6506,10 +6512,12 @@ module Aws::WAFV2
|
|
6506
6512
|
# @return [String]
|
6507
6513
|
#
|
6508
6514
|
# @!attribute [rw] scope_down_statement
|
6509
|
-
# An optional nested statement that narrows the scope of the
|
6510
|
-
#
|
6511
|
-
#
|
6512
|
-
#
|
6515
|
+
# An optional nested statement that narrows the scope of the web
|
6516
|
+
# requests that are evaluated by the rate-based statement. Requests
|
6517
|
+
# are only tracked by the rate-based statement if they match the
|
6518
|
+
# scope-down statement. You can use any nestable Statement in the
|
6519
|
+
# scope-down statement, and you can nest statements at any level, the
|
6520
|
+
# same as you can for a rule statement.
|
6513
6521
|
# @return [Types::Statement]
|
6514
6522
|
#
|
6515
6523
|
# @!attribute [rw] forwarded_ip_config
|
@@ -6518,8 +6526,8 @@ module Aws::WAFV2
|
|
6518
6526
|
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
6519
6527
|
# header, but you can specify any header name.
|
6520
6528
|
#
|
6521
|
-
# <note markdown="1"> If the specified header isn't present in the request,
|
6522
|
-
#
|
6529
|
+
# <note markdown="1"> If the specified header isn't present in the request, WAF doesn't
|
6530
|
+
# apply the rule to the web request at all.
|
6523
6531
|
#
|
6524
6532
|
# </note>
|
6525
6533
|
#
|
@@ -6579,8 +6587,8 @@ module Aws::WAFV2
|
|
6579
6587
|
|
6580
6588
|
# Contains one or more regular expressions.
|
6581
6589
|
#
|
6582
|
-
#
|
6583
|
-
#
|
6590
|
+
# WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
|
6591
|
+
# set in a rule, you provide the ARN to the Rule statement
|
6584
6592
|
# RegexPatternSetReferenceStatement.
|
6585
6593
|
#
|
6586
6594
|
# @!attribute [rw] name
|
@@ -6628,8 +6636,7 @@ module Aws::WAFV2
|
|
6628
6636
|
# Each regex pattern set rule statement references a regex pattern set.
|
6629
6637
|
# You create and maintain the set independent of your rules. This allows
|
6630
6638
|
# you to use the single set in multiple rules. When you update the
|
6631
|
-
# referenced set,
|
6632
|
-
# it.
|
6639
|
+
# referenced set, WAF automatically updates all rules that reference it.
|
6633
6640
|
#
|
6634
6641
|
# @note When making an API call, you may pass RegexPatternSetReferenceStatement
|
6635
6642
|
# data as a hash:
|
@@ -6666,7 +6673,7 @@ module Aws::WAFV2
|
|
6666
6673
|
# text_transformations: [ # required
|
6667
6674
|
# {
|
6668
6675
|
# priority: 1, # required
|
6669
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6676
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6670
6677
|
# },
|
6671
6678
|
# ],
|
6672
6679
|
# }
|
@@ -6677,14 +6684,14 @@ module Aws::WAFV2
|
|
6677
6684
|
# @return [String]
|
6678
6685
|
#
|
6679
6686
|
# @!attribute [rw] field_to_match
|
6680
|
-
# The part of a web request that you want
|
6687
|
+
# The part of a web request that you want WAF to inspect. For more
|
6681
6688
|
# information, see FieldToMatch.
|
6682
6689
|
# @return [Types::FieldToMatch]
|
6683
6690
|
#
|
6684
6691
|
# @!attribute [rw] text_transformations
|
6685
6692
|
# Text transformations eliminate some of the unusual formatting that
|
6686
6693
|
# attackers use in web requests in an effort to bypass detection. If
|
6687
|
-
# you specify one or more transformations in a rule statement,
|
6694
|
+
# you specify one or more transformations in a rule statement, WAF
|
6688
6695
|
# performs all transformations on the content of the request component
|
6689
6696
|
# identified by `FieldToMatch`, starting from the lowest priority
|
6690
6697
|
# setting, before inspecting the content for a match.
|
@@ -6722,14 +6729,14 @@ module Aws::WAFV2
|
|
6722
6729
|
# @return [String]
|
6723
6730
|
#
|
6724
6731
|
# @!attribute [rw] lock_token
|
6725
|
-
# A token used for optimistic locking.
|
6726
|
-
#
|
6727
|
-
#
|
6732
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
6733
|
+
# and list requests, to mark the state of the entity at the time of
|
6734
|
+
# the request. To make changes to the entity associated with the
|
6728
6735
|
# token, you provide the token to operations like update and delete.
|
6729
|
-
#
|
6730
|
-
#
|
6731
|
-
#
|
6732
|
-
#
|
6736
|
+
# WAF uses the token to ensure that no changes have been made to the
|
6737
|
+
# entity since you last retrieved it. If a change has been made, the
|
6738
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
6739
|
+
# perform another get, and use the new token returned by that
|
6733
6740
|
# operation.
|
6734
6741
|
# @return [String]
|
6735
6742
|
#
|
@@ -6751,9 +6758,8 @@ module Aws::WAFV2
|
|
6751
6758
|
|
6752
6759
|
# A single rule, which you can use in a WebACL or RuleGroup to identify
|
6753
6760
|
# web requests that you want to allow, block, or count. Each rule
|
6754
|
-
# includes one top-level Statement that
|
6755
|
-
#
|
6756
|
-
# them.
|
6761
|
+
# includes one top-level Statement that WAF uses to identify matching
|
6762
|
+
# web requests, and parameters that govern how WAF handles them.
|
6757
6763
|
#
|
6758
6764
|
# @note When making an API call, you may pass Rule
|
6759
6765
|
# data as a hash:
|
@@ -6794,7 +6800,7 @@ module Aws::WAFV2
|
|
6794
6800
|
# text_transformations: [ # required
|
6795
6801
|
# {
|
6796
6802
|
# priority: 1, # required
|
6797
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6803
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6798
6804
|
# },
|
6799
6805
|
# ],
|
6800
6806
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -6830,7 +6836,7 @@ module Aws::WAFV2
|
|
6830
6836
|
# text_transformations: [ # required
|
6831
6837
|
# {
|
6832
6838
|
# priority: 1, # required
|
6833
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6839
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6834
6840
|
# },
|
6835
6841
|
# ],
|
6836
6842
|
# },
|
@@ -6865,7 +6871,7 @@ module Aws::WAFV2
|
|
6865
6871
|
# text_transformations: [ # required
|
6866
6872
|
# {
|
6867
6873
|
# priority: 1, # required
|
6868
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6874
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6869
6875
|
# },
|
6870
6876
|
# ],
|
6871
6877
|
# },
|
@@ -6902,7 +6908,7 @@ module Aws::WAFV2
|
|
6902
6908
|
# text_transformations: [ # required
|
6903
6909
|
# {
|
6904
6910
|
# priority: 1, # required
|
6905
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6911
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6906
6912
|
# },
|
6907
6913
|
# ],
|
6908
6914
|
# },
|
@@ -6961,7 +6967,7 @@ module Aws::WAFV2
|
|
6961
6967
|
# text_transformations: [ # required
|
6962
6968
|
# {
|
6963
6969
|
# priority: 1, # required
|
6964
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
6970
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
6965
6971
|
# },
|
6966
6972
|
# ],
|
6967
6973
|
# },
|
@@ -7078,22 +7084,22 @@ module Aws::WAFV2
|
|
7078
7084
|
# @return [String]
|
7079
7085
|
#
|
7080
7086
|
# @!attribute [rw] priority
|
7081
|
-
# If you define more than one `Rule` in a `WebACL`,
|
7082
|
-
#
|
7083
|
-
# `Priority`.
|
7087
|
+
# If you define more than one `Rule` in a `WebACL`, WAF evaluates each
|
7088
|
+
# request against the `Rules` in order based on the value of
|
7089
|
+
# `Priority`. WAF processes rules with lower priority first. The
|
7084
7090
|
# priorities don't need to be consecutive, but they must all be
|
7085
7091
|
# different.
|
7086
7092
|
# @return [Integer]
|
7087
7093
|
#
|
7088
7094
|
# @!attribute [rw] statement
|
7089
|
-
# The
|
7095
|
+
# The WAF processing statement for the rule, for example
|
7090
7096
|
# ByteMatchStatement or SizeConstraintStatement.
|
7091
7097
|
# @return [Types::Statement]
|
7092
7098
|
#
|
7093
7099
|
# @!attribute [rw] action
|
7094
|
-
# The action that
|
7095
|
-
#
|
7096
|
-
#
|
7100
|
+
# The action that WAF should take on a web request when it matches the
|
7101
|
+
# rule statement. Settings at the web ACL level can override the rule
|
7102
|
+
# action setting.
|
7097
7103
|
#
|
7098
7104
|
# This is used only for rules whose statements do not reference a rule
|
7099
7105
|
# group. Rule statements that reference a rule group include
|
@@ -7130,9 +7136,9 @@ module Aws::WAFV2
|
|
7130
7136
|
#
|
7131
7137
|
# @!attribute [rw] rule_labels
|
7132
7138
|
# Labels to apply to web requests that match the rule match statement.
|
7133
|
-
#
|
7134
|
-
#
|
7135
|
-
#
|
7139
|
+
# WAF applies fully qualified labels to matching web requests. A fully
|
7140
|
+
# qualified label is the concatenation of a label namespace and a rule
|
7141
|
+
# label. The rule's rule group or web ACL defines the label
|
7136
7142
|
# namespace.
|
7137
7143
|
#
|
7138
7144
|
# Rules that run after this rule in the web ACL can match against
|
@@ -7173,7 +7179,7 @@ module Aws::WAFV2
|
|
7173
7179
|
include Aws::Structure
|
7174
7180
|
end
|
7175
7181
|
|
7176
|
-
# The action that
|
7182
|
+
# The action that WAF should take on a web request when it matches a
|
7177
7183
|
# rule's statement. Settings at the web ACL level can override the rule
|
7178
7184
|
# action setting.
|
7179
7185
|
#
|
@@ -7216,15 +7222,15 @@ module Aws::WAFV2
|
|
7216
7222
|
# }
|
7217
7223
|
#
|
7218
7224
|
# @!attribute [rw] block
|
7219
|
-
# Instructs
|
7225
|
+
# Instructs WAF to block the web request.
|
7220
7226
|
# @return [Types::BlockAction]
|
7221
7227
|
#
|
7222
7228
|
# @!attribute [rw] allow
|
7223
|
-
# Instructs
|
7229
|
+
# Instructs WAF to allow the web request.
|
7224
7230
|
# @return [Types::AllowAction]
|
7225
7231
|
#
|
7226
7232
|
# @!attribute [rw] count
|
7227
|
-
# Instructs
|
7233
|
+
# Instructs WAF to count the web request and allow it.
|
7228
7234
|
# @return [Types::CountAction]
|
7229
7235
|
#
|
7230
7236
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
|
@@ -7259,11 +7265,11 @@ module Aws::WAFV2
|
|
7259
7265
|
#
|
7260
7266
|
# When you create your own rule group, you define this, and you cannot
|
7261
7267
|
# change it after creation. When you add or modify the rules in a rule
|
7262
|
-
# group,
|
7263
|
-
#
|
7268
|
+
# group, WAF enforces this limit. You can check the capacity for a set
|
7269
|
+
# of rules using CheckCapacity.
|
7264
7270
|
#
|
7265
|
-
#
|
7266
|
-
#
|
7271
|
+
# WAF uses WCUs to calculate and control the operating resources that
|
7272
|
+
# are used to run your rules, rule groups, and web ACLs. WAF
|
7267
7273
|
# calculates capacity differently for each rule type, to reflect the
|
7268
7274
|
# relative cost of each rule. Simple rules that cost little to run use
|
7269
7275
|
# fewer WCUs than more complex rules that use more processing power.
|
@@ -7283,8 +7289,8 @@ module Aws::WAFV2
|
|
7283
7289
|
# @!attribute [rw] rules
|
7284
7290
|
# The Rule statements used to identify the web requests that you want
|
7285
7291
|
# to allow, block, or count. Each rule includes one top-level
|
7286
|
-
# statement that
|
7287
|
-
# parameters that govern how
|
7292
|
+
# statement that WAF uses to identify matching web requests, and
|
7293
|
+
# parameters that govern how WAF handles them.
|
7288
7294
|
# @return [Array<Types::Rule>]
|
7289
7295
|
#
|
7290
7296
|
# @!attribute [rw] visibility_config
|
@@ -7301,11 +7307,10 @@ module Aws::WAFV2
|
|
7301
7307
|
#
|
7302
7308
|
# `awswaf:<account ID>:rulegroup:<rule group name>:`
|
7303
7309
|
#
|
7304
|
-
# * When a rule with a label matches a web request,
|
7305
|
-
#
|
7306
|
-
#
|
7307
|
-
#
|
7308
|
-
# by a colon:
|
7310
|
+
# * When a rule with a label matches a web request, WAF adds the fully
|
7311
|
+
# qualified label to the request. A fully qualified label is made up
|
7312
|
+
# of the label namespace from the rule group or web ACL where the
|
7313
|
+
# rule is defined and the label from the rule, separated by a colon:
|
7309
7314
|
#
|
7310
7315
|
# `<label namespace>:<label from rule>`
|
7311
7316
|
# @return [String]
|
@@ -7317,12 +7322,12 @@ module Aws::WAFV2
|
|
7317
7322
|
# the rules that you define in the rule group.
|
7318
7323
|
#
|
7319
7324
|
# For information about customizing web requests and responses, see
|
7320
|
-
# [Customizing web requests and responses in
|
7321
|
-
#
|
7325
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
7326
|
+
# Developer Guide][2].
|
7322
7327
|
#
|
7323
7328
|
# For information about the limits on count and size for custom
|
7324
|
-
# request and response settings, see [
|
7325
|
-
#
|
7329
|
+
# request and response settings, see [WAF quotas][3] in the [WAF
|
7330
|
+
# Developer Guide][2].
|
7326
7331
|
#
|
7327
7332
|
#
|
7328
7333
|
#
|
@@ -7333,7 +7338,8 @@ module Aws::WAFV2
|
|
7333
7338
|
#
|
7334
7339
|
# @!attribute [rw] available_labels
|
7335
7340
|
# The labels that one or more rules in this rule group add to matching
|
7336
|
-
# web
|
7341
|
+
# web requests. These labels are defined in the `RuleLabels` for a
|
7342
|
+
# Rule.
|
7337
7343
|
# @return [Array<Types::LabelSummary>]
|
7338
7344
|
#
|
7339
7345
|
# @!attribute [rw] consumed_labels
|
@@ -7387,7 +7393,7 @@ module Aws::WAFV2
|
|
7387
7393
|
#
|
7388
7394
|
# @!attribute [rw] excluded_rules
|
7389
7395
|
# The names of rules that are in the referenced rule group, but that
|
7390
|
-
# you want
|
7396
|
+
# you want WAF to exclude from processing for this rule statement.
|
7391
7397
|
# @return [Array<Types::ExcludedRule>]
|
7392
7398
|
#
|
7393
7399
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
|
@@ -7421,14 +7427,14 @@ module Aws::WAFV2
|
|
7421
7427
|
# @return [String]
|
7422
7428
|
#
|
7423
7429
|
# @!attribute [rw] lock_token
|
7424
|
-
# A token used for optimistic locking.
|
7425
|
-
#
|
7426
|
-
#
|
7430
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
7431
|
+
# and list requests, to mark the state of the entity at the time of
|
7432
|
+
# the request. To make changes to the entity associated with the
|
7427
7433
|
# token, you provide the token to operations like update and delete.
|
7428
|
-
#
|
7429
|
-
#
|
7430
|
-
#
|
7431
|
-
#
|
7434
|
+
# WAF uses the token to ensure that no changes have been made to the
|
7435
|
+
# entity since you last retrieved it. If a change has been made, the
|
7436
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
7437
|
+
# perform another get, and use the new token returned by that
|
7432
7438
|
# operation.
|
7433
7439
|
# @return [String]
|
7434
7440
|
#
|
@@ -7459,8 +7465,8 @@ module Aws::WAFV2
|
|
7459
7465
|
# @return [String]
|
7460
7466
|
#
|
7461
7467
|
# @!attribute [rw] action
|
7462
|
-
# The action that
|
7463
|
-
#
|
7468
|
+
# The action that WAF should take on a web request when it matches a
|
7469
|
+
# rule's statement. Settings at the web ACL level can override the
|
7464
7470
|
# rule action setting.
|
7465
7471
|
# @return [Types::RuleAction]
|
7466
7472
|
#
|
@@ -7491,8 +7497,8 @@ module Aws::WAFV2
|
|
7491
7497
|
# @return [Integer]
|
7492
7498
|
#
|
7493
7499
|
# @!attribute [rw] timestamp
|
7494
|
-
# The time at which
|
7495
|
-
# resource, in Unix time format (in seconds).
|
7500
|
+
# The time at which WAF received the request from your Amazon Web
|
7501
|
+
# Services resource, in Unix time format (in seconds).
|
7496
7502
|
# @return [Time]
|
7497
7503
|
#
|
7498
7504
|
# @!attribute [rw] action
|
@@ -7509,9 +7515,8 @@ module Aws::WAFV2
|
|
7509
7515
|
# @return [String]
|
7510
7516
|
#
|
7511
7517
|
# @!attribute [rw] request_headers_inserted
|
7512
|
-
# Custom request headers inserted by
|
7513
|
-
#
|
7514
|
-
# action.
|
7518
|
+
# Custom request headers inserted by WAF into the request, according
|
7519
|
+
# to the custom request configuration for the matching rule action.
|
7515
7520
|
# @return [Array<Types::HTTPHeader>]
|
7516
7521
|
#
|
7517
7522
|
# @!attribute [rw] response_code_sent
|
@@ -7519,7 +7524,7 @@ module Aws::WAFV2
|
|
7519
7524
|
# @return [Integer]
|
7520
7525
|
#
|
7521
7526
|
# @!attribute [rw] labels
|
7522
|
-
# Labels applied to the web request by matching rules.
|
7527
|
+
# Labels applied to the web request by matching rules. WAF applies
|
7523
7528
|
# fully qualified labels to matching web requests. A fully qualified
|
7524
7529
|
# label is the concatenation of a label namespace and a rule label.
|
7525
7530
|
# The rule's rule group or web ACL defines the label namespace.
|
@@ -7547,7 +7552,7 @@ module Aws::WAFV2
|
|
7547
7552
|
# One of the headers in a web request, identified by name, for example,
|
7548
7553
|
# `User-Agent` or `Referer`. This setting isn't case sensitive.
|
7549
7554
|
#
|
7550
|
-
# This is used only to indicate the web request component for
|
7555
|
+
# This is used only to indicate the web request component for WAF to
|
7551
7556
|
# inspect, in the FieldToMatch specification.
|
7552
7557
|
#
|
7553
7558
|
# @note When making an API call, you may pass SingleHeader
|
@@ -7597,11 +7602,10 @@ module Aws::WAFV2
|
|
7597
7602
|
# (>) or less than (<). For example, you can use a size constraint
|
7598
7603
|
# statement to look for query strings that are longer than 100 bytes.
|
7599
7604
|
#
|
7600
|
-
# If you configure
|
7601
|
-
#
|
7602
|
-
#
|
7603
|
-
#
|
7604
|
-
# 8192 bytes.
|
7605
|
+
# If you configure WAF to inspect the request body, WAF inspects only
|
7606
|
+
# the first 8192 bytes (8 KB). If the request body for your web requests
|
7607
|
+
# never exceeds 8192 bytes, you can create a size constraint condition
|
7608
|
+
# and block requests that have a request body greater than 8192 bytes.
|
7605
7609
|
#
|
7606
7610
|
# If you choose URI for the value of Part of the request to filter on,
|
7607
7611
|
# the slash (/) in the URI counts as one character. For example, the URI
|
@@ -7643,13 +7647,13 @@ module Aws::WAFV2
|
|
7643
7647
|
# text_transformations: [ # required
|
7644
7648
|
# {
|
7645
7649
|
# priority: 1, # required
|
7646
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7650
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7647
7651
|
# },
|
7648
7652
|
# ],
|
7649
7653
|
# }
|
7650
7654
|
#
|
7651
7655
|
# @!attribute [rw] field_to_match
|
7652
|
-
# The part of a web request that you want
|
7656
|
+
# The part of a web request that you want WAF to inspect. For more
|
7653
7657
|
# information, see FieldToMatch.
|
7654
7658
|
# @return [Types::FieldToMatch]
|
7655
7659
|
#
|
@@ -7665,7 +7669,7 @@ module Aws::WAFV2
|
|
7665
7669
|
# @!attribute [rw] text_transformations
|
7666
7670
|
# Text transformations eliminate some of the unusual formatting that
|
7667
7671
|
# attackers use in web requests in an effort to bypass detection. If
|
7668
|
-
# you specify one or more transformations in a rule statement,
|
7672
|
+
# you specify one or more transformations in a rule statement, WAF
|
7669
7673
|
# performs all transformations on the content of the request component
|
7670
7674
|
# identified by `FieldToMatch`, starting from the lowest priority
|
7671
7675
|
# setting, before inspecting the content for a match.
|
@@ -7687,9 +7691,9 @@ module Aws::WAFV2
|
|
7687
7691
|
# requests that appear to contain malicious SQL code, create one or more
|
7688
7692
|
# SQL injection match conditions. An SQL injection match condition
|
7689
7693
|
# identifies the part of web requests, such as the URI or the query
|
7690
|
-
# string, that you want
|
7691
|
-
#
|
7692
|
-
#
|
7694
|
+
# string, that you want WAF to inspect. Later in the process, when you
|
7695
|
+
# create a web ACL, you specify whether to allow or block requests that
|
7696
|
+
# appear to contain malicious SQL code.
|
7693
7697
|
#
|
7694
7698
|
# @note When making an API call, you may pass SqliMatchStatement
|
7695
7699
|
# data as a hash:
|
@@ -7725,20 +7729,20 @@ module Aws::WAFV2
|
|
7725
7729
|
# text_transformations: [ # required
|
7726
7730
|
# {
|
7727
7731
|
# priority: 1, # required
|
7728
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7732
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7729
7733
|
# },
|
7730
7734
|
# ],
|
7731
7735
|
# }
|
7732
7736
|
#
|
7733
7737
|
# @!attribute [rw] field_to_match
|
7734
|
-
# The part of a web request that you want
|
7738
|
+
# The part of a web request that you want WAF to inspect. For more
|
7735
7739
|
# information, see FieldToMatch.
|
7736
7740
|
# @return [Types::FieldToMatch]
|
7737
7741
|
#
|
7738
7742
|
# @!attribute [rw] text_transformations
|
7739
7743
|
# Text transformations eliminate some of the unusual formatting that
|
7740
7744
|
# attackers use in web requests in an effort to bypass detection. If
|
7741
|
-
# you specify one or more transformations in a rule statement,
|
7745
|
+
# you specify one or more transformations in a rule statement, WAF
|
7742
7746
|
# performs all transformations on the content of the request component
|
7743
7747
|
# identified by `FieldToMatch`, starting from the lowest priority
|
7744
7748
|
# setting, before inspecting the content for a match.
|
@@ -7753,8 +7757,8 @@ module Aws::WAFV2
|
|
7753
7757
|
include Aws::Structure
|
7754
7758
|
end
|
7755
7759
|
|
7756
|
-
# The processing guidance for a Rule, used by
|
7757
|
-
#
|
7760
|
+
# The processing guidance for a Rule, used by WAF to determine whether a
|
7761
|
+
# web request matches the rule.
|
7758
7762
|
#
|
7759
7763
|
# @note When making an API call, you may pass Statement
|
7760
7764
|
# data as a hash:
|
@@ -7792,7 +7796,7 @@ module Aws::WAFV2
|
|
7792
7796
|
# text_transformations: [ # required
|
7793
7797
|
# {
|
7794
7798
|
# priority: 1, # required
|
7795
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7799
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7796
7800
|
# },
|
7797
7801
|
# ],
|
7798
7802
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -7828,7 +7832,7 @@ module Aws::WAFV2
|
|
7828
7832
|
# text_transformations: [ # required
|
7829
7833
|
# {
|
7830
7834
|
# priority: 1, # required
|
7831
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7835
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7832
7836
|
# },
|
7833
7837
|
# ],
|
7834
7838
|
# },
|
@@ -7863,7 +7867,7 @@ module Aws::WAFV2
|
|
7863
7867
|
# text_transformations: [ # required
|
7864
7868
|
# {
|
7865
7869
|
# priority: 1, # required
|
7866
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7870
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7867
7871
|
# },
|
7868
7872
|
# ],
|
7869
7873
|
# },
|
@@ -7900,7 +7904,7 @@ module Aws::WAFV2
|
|
7900
7904
|
# text_transformations: [ # required
|
7901
7905
|
# {
|
7902
7906
|
# priority: 1, # required
|
7903
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7907
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7904
7908
|
# },
|
7905
7909
|
# ],
|
7906
7910
|
# },
|
@@ -7959,7 +7963,7 @@ module Aws::WAFV2
|
|
7959
7963
|
# text_transformations: [ # required
|
7960
7964
|
# {
|
7961
7965
|
# priority: 1, # required
|
7962
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
7966
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
7963
7967
|
# },
|
7964
7968
|
# ],
|
7965
7969
|
# },
|
@@ -7999,7 +8003,7 @@ module Aws::WAFV2
|
|
7999
8003
|
# text_transformations: [ # required
|
8000
8004
|
# {
|
8001
8005
|
# priority: 1, # required
|
8002
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8006
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8003
8007
|
# },
|
8004
8008
|
# ],
|
8005
8009
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -8035,7 +8039,7 @@ module Aws::WAFV2
|
|
8035
8039
|
# text_transformations: [ # required
|
8036
8040
|
# {
|
8037
8041
|
# priority: 1, # required
|
8038
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8042
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8039
8043
|
# },
|
8040
8044
|
# ],
|
8041
8045
|
# },
|
@@ -8070,7 +8074,7 @@ module Aws::WAFV2
|
|
8070
8074
|
# text_transformations: [ # required
|
8071
8075
|
# {
|
8072
8076
|
# priority: 1, # required
|
8073
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8077
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8074
8078
|
# },
|
8075
8079
|
# ],
|
8076
8080
|
# },
|
@@ -8107,7 +8111,7 @@ module Aws::WAFV2
|
|
8107
8111
|
# text_transformations: [ # required
|
8108
8112
|
# {
|
8109
8113
|
# priority: 1, # required
|
8110
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8114
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8111
8115
|
# },
|
8112
8116
|
# ],
|
8113
8117
|
# },
|
@@ -8166,7 +8170,7 @@ module Aws::WAFV2
|
|
8166
8170
|
# text_transformations: [ # required
|
8167
8171
|
# {
|
8168
8172
|
# priority: 1, # required
|
8169
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8173
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8170
8174
|
# },
|
8171
8175
|
# ],
|
8172
8176
|
# },
|
@@ -8249,7 +8253,7 @@ module Aws::WAFV2
|
|
8249
8253
|
# text_transformations: [ # required
|
8250
8254
|
# {
|
8251
8255
|
# priority: 1, # required
|
8252
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8256
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8253
8257
|
# },
|
8254
8258
|
# ],
|
8255
8259
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -8285,7 +8289,7 @@ module Aws::WAFV2
|
|
8285
8289
|
# text_transformations: [ # required
|
8286
8290
|
# {
|
8287
8291
|
# priority: 1, # required
|
8288
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8292
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8289
8293
|
# },
|
8290
8294
|
# ],
|
8291
8295
|
# },
|
@@ -8320,7 +8324,7 @@ module Aws::WAFV2
|
|
8320
8324
|
# text_transformations: [ # required
|
8321
8325
|
# {
|
8322
8326
|
# priority: 1, # required
|
8323
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8327
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8324
8328
|
# },
|
8325
8329
|
# ],
|
8326
8330
|
# },
|
@@ -8357,7 +8361,7 @@ module Aws::WAFV2
|
|
8357
8361
|
# text_transformations: [ # required
|
8358
8362
|
# {
|
8359
8363
|
# priority: 1, # required
|
8360
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8364
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8361
8365
|
# },
|
8362
8366
|
# ],
|
8363
8367
|
# },
|
@@ -8416,7 +8420,7 @@ module Aws::WAFV2
|
|
8416
8420
|
# text_transformations: [ # required
|
8417
8421
|
# {
|
8418
8422
|
# priority: 1, # required
|
8419
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8423
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8420
8424
|
# },
|
8421
8425
|
# ],
|
8422
8426
|
# },
|
@@ -8498,7 +8502,7 @@ module Aws::WAFV2
|
|
8498
8502
|
# text_transformations: [ # required
|
8499
8503
|
# {
|
8500
8504
|
# priority: 1, # required
|
8501
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8505
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8502
8506
|
# },
|
8503
8507
|
# ],
|
8504
8508
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -8534,7 +8538,7 @@ module Aws::WAFV2
|
|
8534
8538
|
# text_transformations: [ # required
|
8535
8539
|
# {
|
8536
8540
|
# priority: 1, # required
|
8537
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8541
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8538
8542
|
# },
|
8539
8543
|
# ],
|
8540
8544
|
# },
|
@@ -8569,7 +8573,7 @@ module Aws::WAFV2
|
|
8569
8573
|
# text_transformations: [ # required
|
8570
8574
|
# {
|
8571
8575
|
# priority: 1, # required
|
8572
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8576
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8573
8577
|
# },
|
8574
8578
|
# ],
|
8575
8579
|
# },
|
@@ -8606,7 +8610,7 @@ module Aws::WAFV2
|
|
8606
8610
|
# text_transformations: [ # required
|
8607
8611
|
# {
|
8608
8612
|
# priority: 1, # required
|
8609
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8613
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8610
8614
|
# },
|
8611
8615
|
# ],
|
8612
8616
|
# },
|
@@ -8665,7 +8669,7 @@ module Aws::WAFV2
|
|
8665
8669
|
# text_transformations: [ # required
|
8666
8670
|
# {
|
8667
8671
|
# priority: 1, # required
|
8668
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8672
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8669
8673
|
# },
|
8670
8674
|
# ],
|
8671
8675
|
# },
|
@@ -8746,7 +8750,7 @@ module Aws::WAFV2
|
|
8746
8750
|
# text_transformations: [ # required
|
8747
8751
|
# {
|
8748
8752
|
# priority: 1, # required
|
8749
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8753
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8750
8754
|
# },
|
8751
8755
|
# ],
|
8752
8756
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -8782,7 +8786,7 @@ module Aws::WAFV2
|
|
8782
8786
|
# text_transformations: [ # required
|
8783
8787
|
# {
|
8784
8788
|
# priority: 1, # required
|
8785
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8789
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8786
8790
|
# },
|
8787
8791
|
# ],
|
8788
8792
|
# },
|
@@ -8817,7 +8821,7 @@ module Aws::WAFV2
|
|
8817
8821
|
# text_transformations: [ # required
|
8818
8822
|
# {
|
8819
8823
|
# priority: 1, # required
|
8820
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8824
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8821
8825
|
# },
|
8822
8826
|
# ],
|
8823
8827
|
# },
|
@@ -8854,7 +8858,7 @@ module Aws::WAFV2
|
|
8854
8858
|
# text_transformations: [ # required
|
8855
8859
|
# {
|
8856
8860
|
# priority: 1, # required
|
8857
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8861
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8858
8862
|
# },
|
8859
8863
|
# ],
|
8860
8864
|
# },
|
@@ -8913,7 +8917,7 @@ module Aws::WAFV2
|
|
8913
8917
|
# text_transformations: [ # required
|
8914
8918
|
# {
|
8915
8919
|
# priority: 1, # required
|
8916
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
8920
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
8917
8921
|
# },
|
8918
8922
|
# ],
|
8919
8923
|
# },
|
@@ -9004,7 +9008,7 @@ module Aws::WAFV2
|
|
9004
9008
|
# text_transformations: [ # required
|
9005
9009
|
# {
|
9006
9010
|
# priority: 1, # required
|
9007
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
9011
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9008
9012
|
# },
|
9009
9013
|
# ],
|
9010
9014
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -9040,7 +9044,7 @@ module Aws::WAFV2
|
|
9040
9044
|
# text_transformations: [ # required
|
9041
9045
|
# {
|
9042
9046
|
# priority: 1, # required
|
9043
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
9047
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9044
9048
|
# },
|
9045
9049
|
# ],
|
9046
9050
|
# },
|
@@ -9075,7 +9079,7 @@ module Aws::WAFV2
|
|
9075
9079
|
# text_transformations: [ # required
|
9076
9080
|
# {
|
9077
9081
|
# priority: 1, # required
|
9078
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
9082
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9079
9083
|
# },
|
9080
9084
|
# ],
|
9081
9085
|
# },
|
@@ -9112,7 +9116,7 @@ module Aws::WAFV2
|
|
9112
9116
|
# text_transformations: [ # required
|
9113
9117
|
# {
|
9114
9118
|
# priority: 1, # required
|
9115
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
9119
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9116
9120
|
# },
|
9117
9121
|
# ],
|
9118
9122
|
# },
|
@@ -9171,7 +9175,7 @@ module Aws::WAFV2
|
|
9171
9175
|
# text_transformations: [ # required
|
9172
9176
|
# {
|
9173
9177
|
# priority: 1, # required
|
9174
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
9178
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9175
9179
|
# },
|
9176
9180
|
# ],
|
9177
9181
|
# },
|
@@ -9221,13 +9225,12 @@ module Aws::WAFV2
|
|
9221
9225
|
# }
|
9222
9226
|
#
|
9223
9227
|
# @!attribute [rw] byte_match_statement
|
9224
|
-
# A rule statement that defines a string match search for
|
9225
|
-
#
|
9226
|
-
#
|
9227
|
-
#
|
9228
|
-
#
|
9229
|
-
#
|
9230
|
-
# match statement.
|
9228
|
+
# A rule statement that defines a string match search for WAF to apply
|
9229
|
+
# to web requests. The byte match statement provides the bytes to
|
9230
|
+
# search for, the location in requests that you want WAF to search,
|
9231
|
+
# and other settings. The bytes to search for are typically a string
|
9232
|
+
# that corresponds with ASCII characters. In the WAF console and the
|
9233
|
+
# developer guide, this is refered to as a string match statement.
|
9231
9234
|
# @return [Types::ByteMatchStatement]
|
9232
9235
|
#
|
9233
9236
|
# @!attribute [rw] sqli_match_statement
|
@@ -9236,20 +9239,20 @@ module Aws::WAFV2
|
|
9236
9239
|
# requests that appear to contain malicious SQL code, create one or
|
9237
9240
|
# more SQL injection match conditions. An SQL injection match
|
9238
9241
|
# condition identifies the part of web requests, such as the URI or
|
9239
|
-
# the query string, that you want
|
9242
|
+
# the query string, that you want WAF to inspect. Later in the
|
9240
9243
|
# process, when you create a web ACL, you specify whether to allow or
|
9241
9244
|
# block requests that appear to contain malicious SQL code.
|
9242
9245
|
# @return [Types::SqliMatchStatement]
|
9243
9246
|
#
|
9244
9247
|
# @!attribute [rw] xss_match_statement
|
9245
9248
|
# A rule statement that defines a cross-site scripting (XSS) match
|
9246
|
-
# search for
|
9247
|
-
#
|
9248
|
-
#
|
9249
|
-
#
|
9250
|
-
#
|
9251
|
-
#
|
9252
|
-
#
|
9249
|
+
# search for WAF to apply to web requests. XSS attacks are those where
|
9250
|
+
# the attacker uses vulnerabilities in a benign website as a vehicle
|
9251
|
+
# to inject malicious client-site scripts into other legitimate web
|
9252
|
+
# browsers. The XSS match statement provides the location in requests
|
9253
|
+
# that you want WAF to search and text transformations to use on the
|
9254
|
+
# search area before WAF searches for character sequences that are
|
9255
|
+
# likely to be malicious strings.
|
9253
9256
|
# @return [Types::XssMatchStatement]
|
9254
9257
|
#
|
9255
9258
|
# @!attribute [rw] size_constraint_statement
|
@@ -9259,11 +9262,11 @@ module Aws::WAFV2
|
|
9259
9262
|
# constraint statement to look for query strings that are longer than
|
9260
9263
|
# 100 bytes.
|
9261
9264
|
#
|
9262
|
-
# If you configure
|
9263
|
-
#
|
9264
|
-
#
|
9265
|
-
#
|
9266
|
-
#
|
9265
|
+
# If you configure WAF to inspect the request body, WAF inspects only
|
9266
|
+
# the first 8192 bytes (8 KB). If the request body for your web
|
9267
|
+
# requests never exceeds 8192 bytes, you can create a size constraint
|
9268
|
+
# condition and block requests that have a request body greater than
|
9269
|
+
# 8192 bytes.
|
9267
9270
|
#
|
9268
9271
|
# If you choose URI for the value of Part of the request to filter on,
|
9269
9272
|
# the slash (/) in the URI counts as one character. For example, the
|
@@ -9294,7 +9297,7 @@ module Aws::WAFV2
|
|
9294
9297
|
# Each IP set rule statement references an IP set. You create and
|
9295
9298
|
# maintain the set independent of your rules. This allows you to use
|
9296
9299
|
# the single set in multiple rules. When you update the referenced
|
9297
|
-
# set,
|
9300
|
+
# set, WAF automatically updates all rules that reference it.
|
9298
9301
|
# @return [Types::IPSetReferenceStatement]
|
9299
9302
|
#
|
9300
9303
|
# @!attribute [rw] regex_pattern_set_reference_statement
|
@@ -9309,7 +9312,7 @@ module Aws::WAFV2
|
|
9309
9312
|
# Each regex pattern set rule statement references a regex pattern
|
9310
9313
|
# set. You create and maintain the set independent of your rules. This
|
9311
9314
|
# allows you to use the single set in multiple rules. When you update
|
9312
|
-
# the referenced set,
|
9315
|
+
# the referenced set, WAF automatically updates all rules that
|
9313
9316
|
# reference it.
|
9314
9317
|
# @return [Types::RegexPatternSetReferenceStatement]
|
9315
9318
|
#
|
@@ -9320,8 +9323,8 @@ module Aws::WAFV2
|
|
9320
9323
|
# time span. You can use this to put a temporary block on requests
|
9321
9324
|
# from an IP address that is sending excessive requests.
|
9322
9325
|
#
|
9323
|
-
# When the rule action triggers,
|
9324
|
-
#
|
9326
|
+
# When the rule action triggers, WAF blocks additional requests from
|
9327
|
+
# the IP address until the request rate falls below the limit.
|
9325
9328
|
#
|
9326
9329
|
# You can optionally nest another statement inside the rate-based
|
9327
9330
|
# statement, to narrow the scope of the rule so that it only counts
|
@@ -9371,7 +9374,7 @@ module Aws::WAFV2
|
|
9371
9374
|
# rule group in this statement. You can retrieve the required names by
|
9372
9375
|
# calling ListAvailableManagedRuleGroups.
|
9373
9376
|
#
|
9374
|
-
# You
|
9377
|
+
# You cannot nest a `ManagedRuleGroupStatement`, for example for use
|
9375
9378
|
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
9376
9379
|
# as a top-level statement within a rule.
|
9377
9380
|
# @return [Types::ManagedRuleGroupStatement]
|
@@ -9387,9 +9390,8 @@ module Aws::WAFV2
|
|
9387
9390
|
# Fully qualified labels have a prefix, optional namespaces, and label
|
9388
9391
|
# name. The prefix identifies the rule group or web ACL context of the
|
9389
9392
|
# rule that added the label. If you do not provide the fully qualified
|
9390
|
-
# name in your label match string,
|
9391
|
-
#
|
9392
|
-
# statement.
|
9393
|
+
# name in your label match string, WAF performs the search for labels
|
9394
|
+
# that were added in the same context as the label match statement.
|
9393
9395
|
# @return [Types::LabelMatchStatement]
|
9394
9396
|
#
|
9395
9397
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
|
@@ -9413,19 +9415,19 @@ module Aws::WAFV2
|
|
9413
9415
|
include Aws::Structure
|
9414
9416
|
end
|
9415
9417
|
|
9416
|
-
# A tag associated with an
|
9417
|
-
# you can use to categorize and manage your
|
9418
|
-
# billing or other management. Typically,
|
9419
|
-
# category, such as "environment", and the
|
9420
|
-
# specific value within that category, such as
|
9421
|
-
# "development," or "production". Or you might set the tag
|
9422
|
-
# "customer" and the value to the customer name or ID. You can
|
9423
|
-
# one or more tags to add to each
|
9424
|
-
# resource.
|
9418
|
+
# A tag associated with an Amazon Web Services resource. Tags are
|
9419
|
+
# key:value pairs that you can use to categorize and manage your
|
9420
|
+
# resources, for purposes like billing or other management. Typically,
|
9421
|
+
# the tag key represents a category, such as "environment", and the
|
9422
|
+
# tag value represents a specific value within that category, such as
|
9423
|
+
# "test," "development," or "production". Or you might set the tag
|
9424
|
+
# key to "customer" and the value to the customer name or ID. You can
|
9425
|
+
# specify one or more tags to add to each Amazon Web Services resource,
|
9426
|
+
# up to 50 tags for a resource.
|
9425
9427
|
#
|
9426
|
-
# You can tag the
|
9427
|
-
# ACLs, rule groups, IP sets, and regex pattern sets. You
|
9428
|
-
# or view tags through the
|
9428
|
+
# You can tag the Amazon Web Services resources that you manage through
|
9429
|
+
# WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You
|
9430
|
+
# can't manage or view tags through the WAF console.
|
9429
9431
|
#
|
9430
9432
|
# @note When making an API call, you may pass Tag
|
9431
9433
|
# data as a hash:
|
@@ -9456,19 +9458,19 @@ module Aws::WAFV2
|
|
9456
9458
|
include Aws::Structure
|
9457
9459
|
end
|
9458
9460
|
|
9459
|
-
# The collection of tagging definitions for an
|
9460
|
-
# key:value pairs that you can use to categorize and
|
9461
|
-
# resources, for purposes like billing or other management.
|
9462
|
-
# the tag key represents a category, such as "environment",
|
9463
|
-
# tag value represents a specific value within that category,
|
9464
|
-
# "test," "development," or "production". Or you might set
|
9465
|
-
# key to "customer" and the value to the customer name or ID.
|
9466
|
-
# specify one or more tags to add to each
|
9467
|
-
# for a resource.
|
9461
|
+
# The collection of tagging definitions for an Amazon Web Services
|
9462
|
+
# resource. Tags are key:value pairs that you can use to categorize and
|
9463
|
+
# manage your resources, for purposes like billing or other management.
|
9464
|
+
# Typically, the tag key represents a category, such as "environment",
|
9465
|
+
# and the tag value represents a specific value within that category,
|
9466
|
+
# such as "test," "development," or "production". Or you might set
|
9467
|
+
# the tag key to "customer" and the value to the customer name or ID.
|
9468
|
+
# You can specify one or more tags to add to each Amazon Web Services
|
9469
|
+
# resource, up to 50 tags for a resource.
|
9468
9470
|
#
|
9469
|
-
# You can tag the
|
9470
|
-
# ACLs, rule groups, IP sets, and regex pattern sets. You
|
9471
|
-
# or view tags through the
|
9471
|
+
# You can tag the Amazon Web Services resources that you manage through
|
9472
|
+
# WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You
|
9473
|
+
# can't manage or view tags through the WAF console.
|
9472
9474
|
#
|
9473
9475
|
# @!attribute [rw] resource_arn
|
9474
9476
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -9529,60 +9531,77 @@ module Aws::WAFV2
|
|
9529
9531
|
#
|
9530
9532
|
# {
|
9531
9533
|
# priority: 1, # required
|
9532
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
9534
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9533
9535
|
# }
|
9534
9536
|
#
|
9535
9537
|
# @!attribute [rw] priority
|
9536
9538
|
# Sets the relative processing order for multiple transformations that
|
9537
|
-
# are defined for a rule statement.
|
9538
|
-
#
|
9539
|
-
#
|
9540
|
-
#
|
9539
|
+
# are defined for a rule statement. WAF processes all transformations,
|
9540
|
+
# from lowest priority to highest, before inspecting the transformed
|
9541
|
+
# content. The priorities don't need to be consecutive, but they must
|
9542
|
+
# all be different.
|
9541
9543
|
# @return [Integer]
|
9542
9544
|
#
|
9543
9545
|
# @!attribute [rw] type
|
9544
9546
|
# You can specify the following transformation types:
|
9545
9547
|
#
|
9546
|
-
# **
|
9548
|
+
# **BASE64\_DECODE** - Decode a `Base64`-encoded string.
|
9547
9549
|
#
|
9548
|
-
#
|
9549
|
-
#
|
9550
|
-
#
|
9551
|
-
# transformations:
|
9550
|
+
# **BASE64\_DECODE\_EXT** - Decode a `Base64`-encoded string, but use
|
9551
|
+
# a forgiving implementation that ignores characters that aren't
|
9552
|
+
# valid.
|
9552
9553
|
#
|
9553
|
-
#
|
9554
|
+
# **CMD\_LINE** - Command-line transformations. These are helpful in
|
9555
|
+
# reducing effectiveness of attackers who inject an operating system
|
9556
|
+
# command-line command and use unusual formatting to disguise some or
|
9557
|
+
# all of the command.
|
9554
9558
|
#
|
9555
|
-
# * Delete
|
9559
|
+
# * Delete the following characters: `\ " ' ^`
|
9556
9560
|
#
|
9557
|
-
# *
|
9561
|
+
# * Delete spaces before the following characters: `/ (`
|
9562
|
+
#
|
9563
|
+
# * Replace the following characters with a space: `, ;`
|
9558
9564
|
#
|
9559
9565
|
# * Replace multiple spaces with one space
|
9560
9566
|
#
|
9561
9567
|
# * Convert uppercase letters (A-Z) to lowercase (a-z)
|
9562
9568
|
#
|
9563
|
-
# **COMPRESS\_WHITE\_SPACE**
|
9564
|
-
#
|
9565
|
-
# Use this option to replace the following characters with a space
|
9569
|
+
# **COMPRESS\_WHITE\_SPACE** - Replace these characters with a space
|
9566
9570
|
# character (decimal 32):
|
9567
9571
|
#
|
9568
|
-
# *
|
9572
|
+
# * `\f`, formfeed, decimal 12
|
9569
9573
|
#
|
9570
|
-
# *
|
9574
|
+
# * `\t`, tab, decimal 9
|
9571
9575
|
#
|
9572
|
-
# *
|
9576
|
+
# * `\n`, newline, decimal 10
|
9573
9577
|
#
|
9574
|
-
# *
|
9578
|
+
# * `\r`, carriage return, decimal 13
|
9575
9579
|
#
|
9576
|
-
# *
|
9580
|
+
# * `\v`, vertical tab, decimal 11
|
9577
9581
|
#
|
9578
|
-
# *
|
9582
|
+
# * Non-breaking space, decimal 160
|
9579
9583
|
#
|
9580
9584
|
# `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
|
9581
9585
|
#
|
9582
|
-
# **
|
9586
|
+
# **CSS\_DECODE** - Decode characters that were encoded using CSS 2.x
|
9587
|
+
# escape rules `syndata.html#characters`. This function uses up to two
|
9588
|
+
# bytes in the decoding process, so it can help to uncover ASCII
|
9589
|
+
# characters that were encoded using CSS encoding that wouldn’t
|
9590
|
+
# typically be encoded. It's also useful in countering evasion, which
|
9591
|
+
# is a combination of a backslash and non-hexadecimal characters. For
|
9592
|
+
# example, `ja\vascript` for javascript.
|
9583
9593
|
#
|
9584
|
-
#
|
9585
|
-
#
|
9594
|
+
# **ESCAPE\_SEQ\_DECODE** - Decode the following ANSI C escape
|
9595
|
+
# sequences: `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`,
|
9596
|
+
# `'`, `"`, `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that
|
9597
|
+
# aren't valid remain in the output.
|
9598
|
+
#
|
9599
|
+
# **HEX\_DECODE** - Decode a string of hexadecimal characters into a
|
9600
|
+
# binary.
|
9601
|
+
#
|
9602
|
+
# **HTML\_ENTITY\_DECODE** - Replace HTML-encoded characters with
|
9603
|
+
# unencoded characters. `HTML_ENTITY_DECODE` performs these
|
9604
|
+
# operations:
|
9586
9605
|
#
|
9587
9606
|
# * Replaces `(ampersand)quot;` with `"`
|
9588
9607
|
#
|
@@ -9598,18 +9617,54 @@ module Aws::WAFV2
|
|
9598
9617
|
# * Replaces characters that are represented in decimal format,
|
9599
9618
|
# `(ampersand)#nnnn;`, with the corresponding characters
|
9600
9619
|
#
|
9601
|
-
# **
|
9620
|
+
# **JS\_DECODE** - Decode JavaScript escape sequences. If a `` `u`
|
9621
|
+
# `HHHH` code is in the full-width ASCII code range of `FF01-FF5E`,
|
9622
|
+
# then the higher byte is used to detect and adjust the lower byte. If
|
9623
|
+
# not, only the lower byte is used and the higher byte is zeroed,
|
9624
|
+
# causing a possible loss of information.
|
9625
|
+
#
|
9626
|
+
# **LOWERCASE** - Convert uppercase letters (A-Z) to lowercase (a-z).
|
9627
|
+
#
|
9628
|
+
# **MD5** - Calculate an MD5 hash from the data in the input. The
|
9629
|
+
# computed hash is in a raw binary form.
|
9630
|
+
#
|
9631
|
+
# **NONE** - Specify `NONE` if you don't want any text
|
9632
|
+
# transformations.
|
9633
|
+
#
|
9634
|
+
# **NORMALIZE\_PATH** - Remove multiple slashes, directory
|
9635
|
+
# self-references, and directory back-references that are not at the
|
9636
|
+
# beginning of the input from an input string.
|
9637
|
+
#
|
9638
|
+
# **NORMALIZE\_PATH\_WIN** - This is the same as `NORMALIZE_PATH`, but
|
9639
|
+
# first converts backslash characters to forward slashes.
|
9640
|
+
#
|
9641
|
+
# **REMOVE\_NULLS** - Remove all `NULL` bytes from the input.
|
9602
9642
|
#
|
9603
|
-
#
|
9604
|
-
# (a
|
9643
|
+
# **REPLACE\_COMMENTS** - Replace each occurrence of a C-style comment
|
9644
|
+
# (`/* ... */`) with a single space. Multiple consecutive occurrences
|
9645
|
+
# are not compressed. Unterminated comments are also replaced with a
|
9646
|
+
# space (ASCII 0x20). However, a standalone termination of a comment
|
9647
|
+
# (`*/`) is not acted upon.
|
9605
9648
|
#
|
9606
|
-
# **
|
9649
|
+
# **REPLACE\_NULLS** - Replace NULL bytes in the input with space
|
9650
|
+
# characters (ASCII `0x20`).
|
9607
9651
|
#
|
9608
|
-
#
|
9652
|
+
# **SQL\_HEX\_DECODE** - Decode the following ANSI C escape sequences:
|
9653
|
+
# `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`, `'`, `"`,
|
9654
|
+
# `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that aren't valid
|
9655
|
+
# remain in the output.
|
9609
9656
|
#
|
9610
|
-
# **
|
9657
|
+
# **URL\_DECODE** - Decode a URL-encoded value.
|
9611
9658
|
#
|
9612
|
-
#
|
9659
|
+
# **URL\_DECODE\_UNI** - Like `URL_DECODE`, but with support for
|
9660
|
+
# Microsoft-specific `%u` encoding. If the code is in the full-width
|
9661
|
+
# ASCII code range of `FF01-FF5E`, the higher byte is used to detect
|
9662
|
+
# and adjust the lower byte. Otherwise, only the lower byte is used
|
9663
|
+
# and the higher byte is zeroed.
|
9664
|
+
#
|
9665
|
+
# **UTF8\_TO\_UNICODE** - Convert all UTF-8 character sequences to
|
9666
|
+
# Unicode. This helps input normalization, and minimizing
|
9667
|
+
# false-positives and false-negatives for non-English languages.
|
9613
9668
|
# @return [String]
|
9614
9669
|
#
|
9615
9670
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TextTransformation AWS API Documentation
|
@@ -9622,8 +9677,8 @@ module Aws::WAFV2
|
|
9622
9677
|
end
|
9623
9678
|
|
9624
9679
|
# In a GetSampledRequests request, the `StartTime` and `EndTime` objects
|
9625
|
-
# specify the time range for which you want
|
9626
|
-
#
|
9680
|
+
# specify the time range for which you want WAF to return a sample of
|
9681
|
+
# web requests.
|
9627
9682
|
#
|
9628
9683
|
# You must specify the times in Coordinated Universal Time (UTC) format.
|
9629
9684
|
# UTC format includes the special designator, `Z`. For example,
|
@@ -9631,12 +9686,12 @@ module Aws::WAFV2
|
|
9631
9686
|
# three hours.
|
9632
9687
|
#
|
9633
9688
|
# In a GetSampledRequests response, the `StartTime` and `EndTime`
|
9634
|
-
# objects specify the time range for which
|
9635
|
-
# sample of web requests.
|
9636
|
-
#
|
9637
|
-
# during the specified time period. If your resource receives
|
9638
|
-
# 5,000 requests during that period,
|
9639
|
-
# 5,000th request. In that case, `EndTime` is the time that
|
9689
|
+
# objects specify the time range for which WAF actually returned a
|
9690
|
+
# sample of web requests. WAF gets the specified number of requests from
|
9691
|
+
# among the first 5,000 requests that your Amazon Web Services resource
|
9692
|
+
# receives during the specified time period. If your resource receives
|
9693
|
+
# more than 5,000 requests during that period, WAF stops sampling after
|
9694
|
+
# the 5,000th request. In that case, `EndTime` is the time that WAF
|
9640
9695
|
# received the 5,000th request.
|
9641
9696
|
#
|
9642
9697
|
# @note When making an API call, you may pass TimeWindow
|
@@ -9650,19 +9705,19 @@ module Aws::WAFV2
|
|
9650
9705
|
# @!attribute [rw] start_time
|
9651
9706
|
# The beginning of the time range from which you want
|
9652
9707
|
# `GetSampledRequests` to return a sample of the requests that your
|
9653
|
-
#
|
9654
|
-
# Universal Time (UTC) format. UTC format includes the
|
9655
|
-
# designator, `Z`. For example, `"2016-09-27T14:50Z"`. You can
|
9656
|
-
# any time range in the previous three hours.
|
9708
|
+
# Amazon Web Services resource received. You must specify the times in
|
9709
|
+
# Coordinated Universal Time (UTC) format. UTC format includes the
|
9710
|
+
# special designator, `Z`. For example, `"2016-09-27T14:50Z"`. You can
|
9711
|
+
# specify any time range in the previous three hours.
|
9657
9712
|
# @return [Time]
|
9658
9713
|
#
|
9659
9714
|
# @!attribute [rw] end_time
|
9660
9715
|
# The end of the time range from which you want `GetSampledRequests`
|
9661
|
-
# to return a sample of the requests that your
|
9662
|
-
# You must specify the times in Coordinated
|
9663
|
-
# format. UTC format includes the special
|
9664
|
-
# example, `"2016-09-27T14:50Z"`. You can specify
|
9665
|
-
# the previous three hours.
|
9716
|
+
# to return a sample of the requests that your Amazon Web Services
|
9717
|
+
# resource received. You must specify the times in Coordinated
|
9718
|
+
# Universal Time (UTC) format. UTC format includes the special
|
9719
|
+
# designator, `Z`. For example, `"2016-09-27T14:50Z"`. You can specify
|
9720
|
+
# any time range in the previous three hours.
|
9666
9721
|
# @return [Time]
|
9667
9722
|
#
|
9668
9723
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TimeWindow AWS API Documentation
|
@@ -9722,10 +9777,10 @@ module Aws::WAFV2
|
|
9722
9777
|
# @return [String]
|
9723
9778
|
#
|
9724
9779
|
# @!attribute [rw] scope
|
9725
|
-
# Specifies whether this is for an
|
9726
|
-
# a regional application. A regional application can be an
|
9727
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
9728
|
-
# API.
|
9780
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
9781
|
+
# for a regional application. A regional application can be an
|
9782
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
9783
|
+
# an AppSync GraphQL API.
|
9729
9784
|
#
|
9730
9785
|
# To work with CloudFront, you must also specify the Region US East
|
9731
9786
|
# (N. Virginia) as follows:
|
@@ -9749,25 +9804,24 @@ module Aws::WAFV2
|
|
9749
9804
|
# @!attribute [rw] addresses
|
9750
9805
|
# Contains an array of strings that specify one or more IP addresses
|
9751
9806
|
# or blocks of IP addresses in Classless Inter-Domain Routing (CIDR)
|
9752
|
-
# notation.
|
9753
|
-
# /0.
|
9807
|
+
# notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
|
9754
9808
|
#
|
9755
9809
|
# Examples:
|
9756
9810
|
#
|
9757
|
-
# * To configure
|
9811
|
+
# * To configure WAF to allow, block, or count requests that
|
9758
9812
|
# originated from the IP address 192.0.2.44, specify
|
9759
9813
|
# `192.0.2.44/32`.
|
9760
9814
|
#
|
9761
|
-
# * To configure
|
9815
|
+
# * To configure WAF to allow, block, or count requests that
|
9762
9816
|
# originated from IP addresses from 192.0.2.0 to 192.0.2.255,
|
9763
9817
|
# specify `192.0.2.0/24`.
|
9764
9818
|
#
|
9765
|
-
# * To configure
|
9819
|
+
# * To configure WAF to allow, block, or count requests that
|
9766
9820
|
# originated from the IP address
|
9767
9821
|
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
9768
9822
|
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
9769
9823
|
#
|
9770
|
-
# * To configure
|
9824
|
+
# * To configure WAF to allow, block, or count requests that
|
9771
9825
|
# originated from IP addresses
|
9772
9826
|
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
9773
9827
|
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
@@ -9782,14 +9836,14 @@ module Aws::WAFV2
|
|
9782
9836
|
# @return [Array<String>]
|
9783
9837
|
#
|
9784
9838
|
# @!attribute [rw] lock_token
|
9785
|
-
# A token used for optimistic locking.
|
9786
|
-
#
|
9787
|
-
#
|
9839
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
9840
|
+
# and list requests, to mark the state of the entity at the time of
|
9841
|
+
# the request. To make changes to the entity associated with the
|
9788
9842
|
# token, you provide the token to operations like update and delete.
|
9789
|
-
#
|
9790
|
-
#
|
9791
|
-
#
|
9792
|
-
#
|
9843
|
+
# WAF uses the token to ensure that no changes have been made to the
|
9844
|
+
# entity since you last retrieved it. If a change has been made, the
|
9845
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
9846
|
+
# perform another get, and use the new token returned by that
|
9793
9847
|
# operation.
|
9794
9848
|
# @return [String]
|
9795
9849
|
#
|
@@ -9807,9 +9861,9 @@ module Aws::WAFV2
|
|
9807
9861
|
end
|
9808
9862
|
|
9809
9863
|
# @!attribute [rw] next_lock_token
|
9810
|
-
# A token used for optimistic locking.
|
9811
|
-
#
|
9812
|
-
#
|
9864
|
+
# A token used for optimistic locking. WAF returns this token to your
|
9865
|
+
# update requests. You use `NextLockToken` in the same manner as you
|
9866
|
+
# use `LockToken`.
|
9813
9867
|
# @return [String]
|
9814
9868
|
#
|
9815
9869
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateIPSetResponse AWS API Documentation
|
@@ -9842,10 +9896,10 @@ module Aws::WAFV2
|
|
9842
9896
|
# @return [String]
|
9843
9897
|
#
|
9844
9898
|
# @!attribute [rw] scope
|
9845
|
-
# Specifies whether this is for an
|
9846
|
-
# a regional application. A regional application can be an
|
9847
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
9848
|
-
# API.
|
9899
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
9900
|
+
# for a regional application. A regional application can be an
|
9901
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
9902
|
+
# an AppSync GraphQL API.
|
9849
9903
|
#
|
9850
9904
|
# To work with CloudFront, you must also specify the Region US East
|
9851
9905
|
# (N. Virginia) as follows:
|
@@ -9870,14 +9924,14 @@ module Aws::WAFV2
|
|
9870
9924
|
# @return [Array<Types::Regex>]
|
9871
9925
|
#
|
9872
9926
|
# @!attribute [rw] lock_token
|
9873
|
-
# A token used for optimistic locking.
|
9874
|
-
#
|
9875
|
-
#
|
9927
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
9928
|
+
# and list requests, to mark the state of the entity at the time of
|
9929
|
+
# the request. To make changes to the entity associated with the
|
9876
9930
|
# token, you provide the token to operations like update and delete.
|
9877
|
-
#
|
9878
|
-
#
|
9879
|
-
#
|
9880
|
-
#
|
9931
|
+
# WAF uses the token to ensure that no changes have been made to the
|
9932
|
+
# entity since you last retrieved it. If a change has been made, the
|
9933
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
9934
|
+
# perform another get, and use the new token returned by that
|
9881
9935
|
# operation.
|
9882
9936
|
# @return [String]
|
9883
9937
|
#
|
@@ -9895,9 +9949,9 @@ module Aws::WAFV2
|
|
9895
9949
|
end
|
9896
9950
|
|
9897
9951
|
# @!attribute [rw] next_lock_token
|
9898
|
-
# A token used for optimistic locking.
|
9899
|
-
#
|
9900
|
-
#
|
9952
|
+
# A token used for optimistic locking. WAF returns this token to your
|
9953
|
+
# update requests. You use `NextLockToken` in the same manner as you
|
9954
|
+
# use `LockToken`.
|
9901
9955
|
# @return [String]
|
9902
9956
|
#
|
9903
9957
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRegexPatternSetResponse AWS API Documentation
|
@@ -9953,7 +10007,7 @@ module Aws::WAFV2
|
|
9953
10007
|
# text_transformations: [ # required
|
9954
10008
|
# {
|
9955
10009
|
# priority: 1, # required
|
9956
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10010
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9957
10011
|
# },
|
9958
10012
|
# ],
|
9959
10013
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -9989,7 +10043,7 @@ module Aws::WAFV2
|
|
9989
10043
|
# text_transformations: [ # required
|
9990
10044
|
# {
|
9991
10045
|
# priority: 1, # required
|
9992
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10046
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
9993
10047
|
# },
|
9994
10048
|
# ],
|
9995
10049
|
# },
|
@@ -10024,7 +10078,7 @@ module Aws::WAFV2
|
|
10024
10078
|
# text_transformations: [ # required
|
10025
10079
|
# {
|
10026
10080
|
# priority: 1, # required
|
10027
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10081
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10028
10082
|
# },
|
10029
10083
|
# ],
|
10030
10084
|
# },
|
@@ -10061,7 +10115,7 @@ module Aws::WAFV2
|
|
10061
10115
|
# text_transformations: [ # required
|
10062
10116
|
# {
|
10063
10117
|
# priority: 1, # required
|
10064
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10118
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10065
10119
|
# },
|
10066
10120
|
# ],
|
10067
10121
|
# },
|
@@ -10120,7 +10174,7 @@ module Aws::WAFV2
|
|
10120
10174
|
# text_transformations: [ # required
|
10121
10175
|
# {
|
10122
10176
|
# priority: 1, # required
|
10123
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10177
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10124
10178
|
# },
|
10125
10179
|
# ],
|
10126
10180
|
# },
|
@@ -10251,10 +10305,10 @@ module Aws::WAFV2
|
|
10251
10305
|
# @return [String]
|
10252
10306
|
#
|
10253
10307
|
# @!attribute [rw] scope
|
10254
|
-
# Specifies whether this is for an
|
10255
|
-
# a regional application. A regional application can be an
|
10256
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
10257
|
-
# API.
|
10308
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
10309
|
+
# for a regional application. A regional application can be an
|
10310
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
10311
|
+
# an AppSync GraphQL API.
|
10258
10312
|
#
|
10259
10313
|
# To work with CloudFront, you must also specify the Region US East
|
10260
10314
|
# (N. Virginia) as follows:
|
@@ -10278,8 +10332,8 @@ module Aws::WAFV2
|
|
10278
10332
|
# @!attribute [rw] rules
|
10279
10333
|
# The Rule statements used to identify the web requests that you want
|
10280
10334
|
# to allow, block, or count. Each rule includes one top-level
|
10281
|
-
# statement that
|
10282
|
-
# parameters that govern how
|
10335
|
+
# statement that WAF uses to identify matching web requests, and
|
10336
|
+
# parameters that govern how WAF handles them.
|
10283
10337
|
# @return [Array<Types::Rule>]
|
10284
10338
|
#
|
10285
10339
|
# @!attribute [rw] visibility_config
|
@@ -10288,14 +10342,14 @@ module Aws::WAFV2
|
|
10288
10342
|
# @return [Types::VisibilityConfig]
|
10289
10343
|
#
|
10290
10344
|
# @!attribute [rw] lock_token
|
10291
|
-
# A token used for optimistic locking.
|
10292
|
-
#
|
10293
|
-
#
|
10345
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
10346
|
+
# and list requests, to mark the state of the entity at the time of
|
10347
|
+
# the request. To make changes to the entity associated with the
|
10294
10348
|
# token, you provide the token to operations like update and delete.
|
10295
|
-
#
|
10296
|
-
#
|
10297
|
-
#
|
10298
|
-
#
|
10349
|
+
# WAF uses the token to ensure that no changes have been made to the
|
10350
|
+
# entity since you last retrieved it. If a change has been made, the
|
10351
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
10352
|
+
# perform another get, and use the new token returned by that
|
10299
10353
|
# operation.
|
10300
10354
|
# @return [String]
|
10301
10355
|
#
|
@@ -10306,12 +10360,12 @@ module Aws::WAFV2
|
|
10306
10360
|
# the rules that you define in the rule group.
|
10307
10361
|
#
|
10308
10362
|
# For information about customizing web requests and responses, see
|
10309
|
-
# [Customizing web requests and responses in
|
10310
|
-
#
|
10363
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
10364
|
+
# Developer Guide][2].
|
10311
10365
|
#
|
10312
10366
|
# For information about the limits on count and size for custom
|
10313
|
-
# request and response settings, see [
|
10314
|
-
#
|
10367
|
+
# request and response settings, see [WAF quotas][3] in the [WAF
|
10368
|
+
# Developer Guide][2].
|
10315
10369
|
#
|
10316
10370
|
#
|
10317
10371
|
#
|
@@ -10336,9 +10390,9 @@ module Aws::WAFV2
|
|
10336
10390
|
end
|
10337
10391
|
|
10338
10392
|
# @!attribute [rw] next_lock_token
|
10339
|
-
# A token used for optimistic locking.
|
10340
|
-
#
|
10341
|
-
#
|
10393
|
+
# A token used for optimistic locking. WAF returns this token to your
|
10394
|
+
# update requests. You use `NextLockToken` in the same manner as you
|
10395
|
+
# use `LockToken`.
|
10342
10396
|
# @return [String]
|
10343
10397
|
#
|
10344
10398
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroupResponse AWS API Documentation
|
@@ -10418,7 +10472,7 @@ module Aws::WAFV2
|
|
10418
10472
|
# text_transformations: [ # required
|
10419
10473
|
# {
|
10420
10474
|
# priority: 1, # required
|
10421
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10475
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10422
10476
|
# },
|
10423
10477
|
# ],
|
10424
10478
|
# positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
|
@@ -10454,7 +10508,7 @@ module Aws::WAFV2
|
|
10454
10508
|
# text_transformations: [ # required
|
10455
10509
|
# {
|
10456
10510
|
# priority: 1, # required
|
10457
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10511
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10458
10512
|
# },
|
10459
10513
|
# ],
|
10460
10514
|
# },
|
@@ -10489,7 +10543,7 @@ module Aws::WAFV2
|
|
10489
10543
|
# text_transformations: [ # required
|
10490
10544
|
# {
|
10491
10545
|
# priority: 1, # required
|
10492
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10546
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10493
10547
|
# },
|
10494
10548
|
# ],
|
10495
10549
|
# },
|
@@ -10526,7 +10580,7 @@ module Aws::WAFV2
|
|
10526
10580
|
# text_transformations: [ # required
|
10527
10581
|
# {
|
10528
10582
|
# priority: 1, # required
|
10529
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10583
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10530
10584
|
# },
|
10531
10585
|
# ],
|
10532
10586
|
# },
|
@@ -10585,7 +10639,7 @@ module Aws::WAFV2
|
|
10585
10639
|
# text_transformations: [ # required
|
10586
10640
|
# {
|
10587
10641
|
# priority: 1, # required
|
10588
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
10642
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
10589
10643
|
# },
|
10590
10644
|
# ],
|
10591
10645
|
# },
|
@@ -10711,15 +10765,15 @@ module Aws::WAFV2
|
|
10711
10765
|
# }
|
10712
10766
|
#
|
10713
10767
|
# @!attribute [rw] name
|
10714
|
-
# The name of the
|
10768
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
10715
10769
|
# after you create it.
|
10716
10770
|
# @return [String]
|
10717
10771
|
#
|
10718
10772
|
# @!attribute [rw] scope
|
10719
|
-
# Specifies whether this is for an
|
10720
|
-
# a regional application. A regional application can be an
|
10721
|
-
# Load Balancer (ALB), an API Gateway REST API, or
|
10722
|
-
# API.
|
10773
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
10774
|
+
# for a regional application. A regional application can be an
|
10775
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, or
|
10776
|
+
# an AppSync GraphQL API.
|
10723
10777
|
#
|
10724
10778
|
# To work with CloudFront, you must also specify the Region US East
|
10725
10779
|
# (N. Virginia) as follows:
|
@@ -10731,7 +10785,7 @@ module Aws::WAFV2
|
|
10731
10785
|
# @return [String]
|
10732
10786
|
#
|
10733
10787
|
# @!attribute [rw] id
|
10734
|
-
# The unique identifier for the
|
10788
|
+
# The unique identifier for the web ACL. This ID is returned in the
|
10735
10789
|
# responses to create and list commands. You provide it to operations
|
10736
10790
|
# like update and delete.
|
10737
10791
|
# @return [String]
|
@@ -10742,14 +10796,14 @@ module Aws::WAFV2
|
|
10742
10796
|
# @return [Types::DefaultAction]
|
10743
10797
|
#
|
10744
10798
|
# @!attribute [rw] description
|
10745
|
-
# A description of the
|
10799
|
+
# A description of the web ACL that helps with identification.
|
10746
10800
|
# @return [String]
|
10747
10801
|
#
|
10748
10802
|
# @!attribute [rw] rules
|
10749
10803
|
# The Rule statements used to identify the web requests that you want
|
10750
10804
|
# to allow, block, or count. Each rule includes one top-level
|
10751
|
-
# statement that
|
10752
|
-
# parameters that govern how
|
10805
|
+
# statement that WAF uses to identify matching web requests, and
|
10806
|
+
# parameters that govern how WAF handles them.
|
10753
10807
|
# @return [Array<Types::Rule>]
|
10754
10808
|
#
|
10755
10809
|
# @!attribute [rw] visibility_config
|
@@ -10758,14 +10812,14 @@ module Aws::WAFV2
|
|
10758
10812
|
# @return [Types::VisibilityConfig]
|
10759
10813
|
#
|
10760
10814
|
# @!attribute [rw] lock_token
|
10761
|
-
# A token used for optimistic locking.
|
10762
|
-
#
|
10763
|
-
#
|
10815
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
10816
|
+
# and list requests, to mark the state of the entity at the time of
|
10817
|
+
# the request. To make changes to the entity associated with the
|
10764
10818
|
# token, you provide the token to operations like update and delete.
|
10765
|
-
#
|
10766
|
-
#
|
10767
|
-
#
|
10768
|
-
#
|
10819
|
+
# WAF uses the token to ensure that no changes have been made to the
|
10820
|
+
# entity since you last retrieved it. If a change has been made, the
|
10821
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
10822
|
+
# perform another get, and use the new token returned by that
|
10769
10823
|
# operation.
|
10770
10824
|
# @return [String]
|
10771
10825
|
#
|
@@ -10776,12 +10830,12 @@ module Aws::WAFV2
|
|
10776
10830
|
# rules and default actions that you define in the web ACL.
|
10777
10831
|
#
|
10778
10832
|
# For information about customizing web requests and responses, see
|
10779
|
-
# [Customizing web requests and responses in
|
10780
|
-
#
|
10833
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
10834
|
+
# Developer Guide][2].
|
10781
10835
|
#
|
10782
10836
|
# For information about the limits on count and size for custom
|
10783
|
-
# request and response settings, see [
|
10784
|
-
#
|
10837
|
+
# request and response settings, see [WAF quotas][3] in the [WAF
|
10838
|
+
# Developer Guide][2].
|
10785
10839
|
#
|
10786
10840
|
#
|
10787
10841
|
#
|
@@ -10807,9 +10861,9 @@ module Aws::WAFV2
|
|
10807
10861
|
end
|
10808
10862
|
|
10809
10863
|
# @!attribute [rw] next_lock_token
|
10810
|
-
# A token used for optimistic locking.
|
10811
|
-
#
|
10812
|
-
#
|
10864
|
+
# A token used for optimistic locking. WAF returns this token to your
|
10865
|
+
# update requests. You use `NextLockToken` in the same manner as you
|
10866
|
+
# use `LockToken`.
|
10813
10867
|
# @return [String]
|
10814
10868
|
#
|
10815
10869
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLResponse AWS API Documentation
|
@@ -10821,10 +10875,10 @@ module Aws::WAFV2
|
|
10821
10875
|
end
|
10822
10876
|
|
10823
10877
|
# The path component of the URI of a web request. This is the part of a
|
10824
|
-
# web request that identifies a resource
|
10878
|
+
# web request that identifies a resource. For example,
|
10825
10879
|
# `/images/daily-ad.jpg`.
|
10826
10880
|
#
|
10827
|
-
# This is used only to indicate the web request component for
|
10881
|
+
# This is used only to indicate the web request component for WAF to
|
10828
10882
|
# inspect, in the FieldToMatch specification.
|
10829
10883
|
#
|
10830
10884
|
# @api private
|
@@ -10846,14 +10900,14 @@ module Aws::WAFV2
|
|
10846
10900
|
# }
|
10847
10901
|
#
|
10848
10902
|
# @!attribute [rw] sampled_requests_enabled
|
10849
|
-
# A boolean indicating whether
|
10850
|
-
#
|
10851
|
-
# through the
|
10903
|
+
# A boolean indicating whether WAF should store a sampling of the web
|
10904
|
+
# requests that match the rules. You can view the sampled requests
|
10905
|
+
# through the WAF console.
|
10852
10906
|
# @return [Boolean]
|
10853
10907
|
#
|
10854
10908
|
# @!attribute [rw] cloud_watch_metrics_enabled
|
10855
10909
|
# A boolean indicating whether the associated resource sends metrics
|
10856
|
-
# to CloudWatch. For the list of available metrics, see [
|
10910
|
+
# to Amazon CloudWatch. For the list of available metrics, see [WAF
|
10857
10911
|
# Metrics][1].
|
10858
10912
|
#
|
10859
10913
|
#
|
@@ -10862,10 +10916,10 @@ module Aws::WAFV2
|
|
10862
10916
|
# @return [Boolean]
|
10863
10917
|
#
|
10864
10918
|
# @!attribute [rw] metric_name
|
10865
|
-
# A name of the CloudWatch metric. The name can contain only
|
10866
|
-
# characters: A-Z, a-z, 0-9, - (hyphen), and \_ (underscore). The
|
10867
|
-
# can be from one to 128 characters long. It can't contain
|
10868
|
-
# or metric names reserved for
|
10919
|
+
# A name of the Amazon CloudWatch metric. The name can contain only
|
10920
|
+
# the characters: A-Z, a-z, 0-9, - (hyphen), and \_ (underscore). The
|
10921
|
+
# name can be from one to 128 characters long. It can't contain
|
10922
|
+
# whitespace or metric names reserved for WAF, for example "All" and
|
10869
10923
|
# "Default\_Action."
|
10870
10924
|
# @return [String]
|
10871
10925
|
#
|
@@ -10879,8 +10933,8 @@ module Aws::WAFV2
|
|
10879
10933
|
include Aws::Structure
|
10880
10934
|
end
|
10881
10935
|
|
10882
|
-
#
|
10883
|
-
#
|
10936
|
+
# WAF couldn’t perform the operation because your resource is being used
|
10937
|
+
# by another resource or it’s associated with another resource.
|
10884
10938
|
#
|
10885
10939
|
# @!attribute [rw] message
|
10886
10940
|
# @return [String]
|
@@ -10893,8 +10947,8 @@ module Aws::WAFV2
|
|
10893
10947
|
include Aws::Structure
|
10894
10948
|
end
|
10895
10949
|
|
10896
|
-
#
|
10897
|
-
#
|
10950
|
+
# WAF couldn’t perform the operation because the resource that you tried
|
10951
|
+
# to save is a duplicate of an existing one.
|
10898
10952
|
#
|
10899
10953
|
# @!attribute [rw] message
|
10900
10954
|
# @return [String]
|
@@ -10907,8 +10961,8 @@ module Aws::WAFV2
|
|
10907
10961
|
include Aws::Structure
|
10908
10962
|
end
|
10909
10963
|
|
10910
|
-
# Your request is valid, but
|
10911
|
-
#
|
10964
|
+
# Your request is valid, but WAF couldn’t perform the operation because
|
10965
|
+
# of a system problem. Retry your request.
|
10912
10966
|
#
|
10913
10967
|
# @!attribute [rw] message
|
10914
10968
|
# @return [String]
|
@@ -10934,10 +10988,10 @@ module Aws::WAFV2
|
|
10934
10988
|
include Aws::Structure
|
10935
10989
|
end
|
10936
10990
|
|
10937
|
-
# The operation failed because
|
10938
|
-
#
|
10991
|
+
# The operation failed because WAF didn't recognize a parameter in the
|
10992
|
+
# request. For example:
|
10939
10993
|
#
|
10940
|
-
# * You specified
|
10994
|
+
# * You specified a parameter name or value that isn't valid.
|
10941
10995
|
#
|
10942
10996
|
# * Your nested statement isn't valid. You might have tried to nest a
|
10943
10997
|
# statement that can’t be nested.
|
@@ -10946,7 +11000,7 @@ module Aws::WAFV2
|
|
10946
11000
|
# among the types available at DefaultAction.
|
10947
11001
|
#
|
10948
11002
|
# * Your request references an ARN that is malformed, or corresponds to
|
10949
|
-
# a resource with which a
|
11003
|
+
# a resource with which a web ACL can't be associated.
|
10950
11004
|
#
|
10951
11005
|
# @!attribute [rw] message
|
10952
11006
|
# @return [String]
|
@@ -10985,7 +11039,7 @@ module Aws::WAFV2
|
|
10985
11039
|
# * `Effect` must specify `Allow`.
|
10986
11040
|
#
|
10987
11041
|
# * `Action` must specify `wafv2:CreateWebACL`, `wafv2:UpdateWebACL`,
|
10988
|
-
# and `wafv2:PutFirewallManagerRuleGroups`.
|
11042
|
+
# and `wafv2:PutFirewallManagerRuleGroups`. WAF rejects any extra
|
10989
11043
|
# actions or wildcard actions in the policy.
|
10990
11044
|
#
|
10991
11045
|
# * The policy must not include a `Resource` parameter.
|
@@ -11007,7 +11061,7 @@ module Aws::WAFV2
|
|
11007
11061
|
include Aws::Structure
|
11008
11062
|
end
|
11009
11063
|
|
11010
|
-
#
|
11064
|
+
# WAF couldn’t perform the operation because the resource that you
|
11011
11065
|
# requested isn’t valid. Check the resource, and try again.
|
11012
11066
|
#
|
11013
11067
|
# @!attribute [rw] message
|
@@ -11021,10 +11075,10 @@ module Aws::WAFV2
|
|
11021
11075
|
include Aws::Structure
|
11022
11076
|
end
|
11023
11077
|
|
11024
|
-
#
|
11025
|
-
#
|
11026
|
-
#
|
11027
|
-
#
|
11078
|
+
# WAF couldn’t perform the operation because you exceeded your resource
|
11079
|
+
# limit. For example, the maximum number of `WebACL` objects that you
|
11080
|
+
# can create for an account. For more information, see [Limits][1] in
|
11081
|
+
# the *WAF Developer Guide*.
|
11028
11082
|
#
|
11029
11083
|
#
|
11030
11084
|
#
|
@@ -11041,7 +11095,7 @@ module Aws::WAFV2
|
|
11041
11095
|
include Aws::Structure
|
11042
11096
|
end
|
11043
11097
|
|
11044
|
-
#
|
11098
|
+
# WAF couldn’t perform the operation because your resource doesn’t
|
11045
11099
|
# exist.
|
11046
11100
|
#
|
11047
11101
|
# @!attribute [rw] message
|
@@ -11055,10 +11109,10 @@ module Aws::WAFV2
|
|
11055
11109
|
include Aws::Structure
|
11056
11110
|
end
|
11057
11111
|
|
11058
|
-
#
|
11059
|
-
#
|
11060
|
-
#
|
11061
|
-
#
|
11112
|
+
# WAF couldn’t save your changes because you tried to update or delete a
|
11113
|
+
# resource that has changed since you last retrieved it. Get the
|
11114
|
+
# resource again, make any changes you need to make to the new copy, and
|
11115
|
+
# retry your operation.
|
11062
11116
|
#
|
11063
11117
|
# @!attribute [rw] message
|
11064
11118
|
# @return [String]
|
@@ -11071,9 +11125,9 @@ module Aws::WAFV2
|
|
11071
11125
|
include Aws::Structure
|
11072
11126
|
end
|
11073
11127
|
|
11074
|
-
#
|
11075
|
-
#
|
11076
|
-
#
|
11128
|
+
# WAF is not able to access the service linked role. This can be caused
|
11129
|
+
# by a previous `PutLoggingConfiguration` request, which can lock the
|
11130
|
+
# service linked role for about 20 seconds. Please try your request
|
11077
11131
|
# again. The service linked role can also be locked by a previous
|
11078
11132
|
# `DeleteServiceLinkedRole` request, which can lock the role for 15
|
11079
11133
|
# minutes or more. If you recently made a call to
|
@@ -11119,7 +11173,7 @@ module Aws::WAFV2
|
|
11119
11173
|
include Aws::Structure
|
11120
11174
|
end
|
11121
11175
|
|
11122
|
-
#
|
11176
|
+
# WAF couldn’t perform your tagging operation because of an internal
|
11123
11177
|
# error. Retry your request.
|
11124
11178
|
#
|
11125
11179
|
# @!attribute [rw] message
|
@@ -11133,7 +11187,7 @@ module Aws::WAFV2
|
|
11133
11187
|
include Aws::Structure
|
11134
11188
|
end
|
11135
11189
|
|
11136
|
-
#
|
11190
|
+
# WAF couldn’t retrieve the resource that you requested. Retry your
|
11137
11191
|
# request.
|
11138
11192
|
#
|
11139
11193
|
# @!attribute [rw] message
|
@@ -11147,18 +11201,19 @@ module Aws::WAFV2
|
|
11147
11201
|
include Aws::Structure
|
11148
11202
|
end
|
11149
11203
|
|
11150
|
-
# A
|
11204
|
+
# A web ACL defines a collection of rules to use to inspect and control
|
11151
11205
|
# web requests. Each rule has an action defined (allow, block, or count)
|
11152
|
-
# for requests that match the statement of the rule. In the
|
11206
|
+
# for requests that match the statement of the rule. In the web ACL, you
|
11153
11207
|
# assign a default action to take (allow, block) for any request that
|
11154
|
-
# does not match any of the rules. The rules in a
|
11208
|
+
# does not match any of the rules. The rules in a web ACL can be a
|
11155
11209
|
# combination of the types Rule, RuleGroup, and managed rule group. You
|
11156
|
-
# can associate a
|
11157
|
-
# resources can be
|
11158
|
-
# Application Load Balancer, or an
|
11210
|
+
# can associate a web ACL with one or more Amazon Web Services resources
|
11211
|
+
# to protect. The resources can be an Amazon CloudFront distribution, an
|
11212
|
+
# Amazon API Gateway REST API, an Application Load Balancer, or an
|
11213
|
+
# AppSync GraphQL API.
|
11159
11214
|
#
|
11160
11215
|
# @!attribute [rw] name
|
11161
|
-
# The name of the
|
11216
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
11162
11217
|
# after you create it.
|
11163
11218
|
# @return [String]
|
11164
11219
|
#
|
@@ -11169,7 +11224,7 @@ module Aws::WAFV2
|
|
11169
11224
|
# @return [String]
|
11170
11225
|
#
|
11171
11226
|
# @!attribute [rw] arn
|
11172
|
-
# The Amazon Resource Name (ARN) of the
|
11227
|
+
# The Amazon Resource Name (ARN) of the web ACL that you want to
|
11173
11228
|
# associate with the resource.
|
11174
11229
|
# @return [String]
|
11175
11230
|
#
|
@@ -11179,14 +11234,14 @@ module Aws::WAFV2
|
|
11179
11234
|
# @return [Types::DefaultAction]
|
11180
11235
|
#
|
11181
11236
|
# @!attribute [rw] description
|
11182
|
-
# A description of the
|
11237
|
+
# A description of the web ACL that helps with identification.
|
11183
11238
|
# @return [String]
|
11184
11239
|
#
|
11185
11240
|
# @!attribute [rw] rules
|
11186
11241
|
# The Rule statements used to identify the web requests that you want
|
11187
11242
|
# to allow, block, or count. Each rule includes one top-level
|
11188
|
-
# statement that
|
11189
|
-
# parameters that govern how
|
11243
|
+
# statement that WAF uses to identify matching web requests, and
|
11244
|
+
# parameters that govern how WAF handles them.
|
11190
11245
|
# @return [Array<Types::Rule>]
|
11191
11246
|
#
|
11192
11247
|
# @!attribute [rw] visibility_config
|
@@ -11198,8 +11253,8 @@ module Aws::WAFV2
|
|
11198
11253
|
# The web ACL capacity units (WCUs) currently being used by this web
|
11199
11254
|
# ACL.
|
11200
11255
|
#
|
11201
|
-
#
|
11202
|
-
#
|
11256
|
+
# WAF uses WCUs to calculate and control the operating resources that
|
11257
|
+
# are used to run your rules, rule groups, and web ACLs. WAF
|
11203
11258
|
# calculates capacity differently for each rule type, to reflect the
|
11204
11259
|
# relative cost of each rule. Simple rules that cost little to run use
|
11205
11260
|
# fewer WCUs than more complex rules that use more processing power.
|
@@ -11209,10 +11264,10 @@ module Aws::WAFV2
|
|
11209
11264
|
# @return [Integer]
|
11210
11265
|
#
|
11211
11266
|
# @!attribute [rw] pre_process_firewall_manager_rule_groups
|
11212
|
-
# The first set of rules for
|
11213
|
-
#
|
11214
|
-
#
|
11215
|
-
#
|
11267
|
+
# The first set of rules for WAF to process in the web ACL. This is
|
11268
|
+
# defined in an Firewall Manager WAF policy and contains only rule
|
11269
|
+
# group references. You can't alter these. Any rules and rule groups
|
11270
|
+
# that you define for the web ACL are prioritized after these.
|
11216
11271
|
#
|
11217
11272
|
# In the Firewall Manager WAF policy, the Firewall Manager
|
11218
11273
|
# administrator can define a set of rule groups to run first in the
|
@@ -11222,8 +11277,8 @@ module Aws::WAFV2
|
|
11222
11277
|
# @return [Array<Types::FirewallManagerRuleGroup>]
|
11223
11278
|
#
|
11224
11279
|
# @!attribute [rw] post_process_firewall_manager_rule_groups
|
11225
|
-
# The last set of rules for
|
11226
|
-
# defined in an
|
11280
|
+
# The last set of rules for WAF to process in the web ACL. This is
|
11281
|
+
# defined in an Firewall Manager WAF policy and contains only rule
|
11227
11282
|
# group references. You can't alter these. Any rules and rule groups
|
11228
11283
|
# that you define for the web ACL are prioritized before these.
|
11229
11284
|
#
|
@@ -11235,9 +11290,9 @@ module Aws::WAFV2
|
|
11235
11290
|
# @return [Array<Types::FirewallManagerRuleGroup>]
|
11236
11291
|
#
|
11237
11292
|
# @!attribute [rw] managed_by_firewall_manager
|
11238
|
-
# Indicates whether this web ACL is managed by
|
11239
|
-
#
|
11240
|
-
#
|
11293
|
+
# Indicates whether this web ACL is managed by Firewall Manager. If
|
11294
|
+
# true, then only Firewall Manager can delete the web ACL or any
|
11295
|
+
# Firewall Manager rule groups in the web ACL.
|
11241
11296
|
# @return [Boolean]
|
11242
11297
|
#
|
11243
11298
|
# @!attribute [rw] label_namespace
|
@@ -11249,11 +11304,10 @@ module Aws::WAFV2
|
|
11249
11304
|
#
|
11250
11305
|
# `awswaf:<account ID>:webacl:<web ACL name>:`
|
11251
11306
|
#
|
11252
|
-
# * When a rule with a label matches a web request,
|
11253
|
-
#
|
11254
|
-
#
|
11255
|
-
#
|
11256
|
-
# by a colon:
|
11307
|
+
# * When a rule with a label matches a web request, WAF adds the fully
|
11308
|
+
# qualified label to the request. A fully qualified label is made up
|
11309
|
+
# of the label namespace from the rule group or web ACL where the
|
11310
|
+
# rule is defined and the label from the rule, separated by a colon:
|
11257
11311
|
#
|
11258
11312
|
# `<label namespace>:<label from rule>`
|
11259
11313
|
# @return [String]
|
@@ -11265,12 +11319,12 @@ module Aws::WAFV2
|
|
11265
11319
|
# rules and default actions that you define in the web ACL.
|
11266
11320
|
#
|
11267
11321
|
# For information about customizing web requests and responses, see
|
11268
|
-
# [Customizing web requests and responses in
|
11269
|
-
#
|
11322
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
11323
|
+
# Developer Guide][2].
|
11270
11324
|
#
|
11271
11325
|
# For information about the limits on count and size for custom
|
11272
|
-
# request and response settings, see [
|
11273
|
-
#
|
11326
|
+
# request and response settings, see [WAF quotas][3] in the [WAF
|
11327
|
+
# Developer Guide][2].
|
11274
11328
|
#
|
11275
11329
|
#
|
11276
11330
|
#
|
@@ -11305,29 +11359,29 @@ module Aws::WAFV2
|
|
11305
11359
|
# to operations like AssociateWebACL.
|
11306
11360
|
#
|
11307
11361
|
# @!attribute [rw] name
|
11308
|
-
# The name of the
|
11362
|
+
# The name of the web ACL. You cannot change the name of a web ACL
|
11309
11363
|
# after you create it.
|
11310
11364
|
# @return [String]
|
11311
11365
|
#
|
11312
11366
|
# @!attribute [rw] id
|
11313
|
-
# The unique identifier for the
|
11367
|
+
# The unique identifier for the web ACL. This ID is returned in the
|
11314
11368
|
# responses to create and list commands. You provide it to operations
|
11315
11369
|
# like update and delete.
|
11316
11370
|
# @return [String]
|
11317
11371
|
#
|
11318
11372
|
# @!attribute [rw] description
|
11319
|
-
# A description of the
|
11373
|
+
# A description of the web ACL that helps with identification.
|
11320
11374
|
# @return [String]
|
11321
11375
|
#
|
11322
11376
|
# @!attribute [rw] lock_token
|
11323
|
-
# A token used for optimistic locking.
|
11324
|
-
#
|
11325
|
-
#
|
11377
|
+
# A token used for optimistic locking. WAF returns a token to your get
|
11378
|
+
# and list requests, to mark the state of the entity at the time of
|
11379
|
+
# the request. To make changes to the entity associated with the
|
11326
11380
|
# token, you provide the token to operations like update and delete.
|
11327
|
-
#
|
11328
|
-
#
|
11329
|
-
#
|
11330
|
-
#
|
11381
|
+
# WAF uses the token to ensure that no changes have been made to the
|
11382
|
+
# entity since you last retrieved it. If a change has been made, the
|
11383
|
+
# update fails with a `WAFOptimisticLockException`. If this happens,
|
11384
|
+
# perform another get, and use the new token returned by that
|
11331
11385
|
# operation.
|
11332
11386
|
# @return [String]
|
11333
11387
|
#
|
@@ -11348,13 +11402,13 @@ module Aws::WAFV2
|
|
11348
11402
|
end
|
11349
11403
|
|
11350
11404
|
# A rule statement that defines a cross-site scripting (XSS) match
|
11351
|
-
# search for
|
11352
|
-
#
|
11353
|
-
#
|
11354
|
-
#
|
11355
|
-
#
|
11356
|
-
#
|
11357
|
-
#
|
11405
|
+
# search for WAF to apply to web requests. XSS attacks are those where
|
11406
|
+
# the attacker uses vulnerabilities in a benign website as a vehicle to
|
11407
|
+
# inject malicious client-site scripts into other legitimate web
|
11408
|
+
# browsers. The XSS match statement provides the location in requests
|
11409
|
+
# that you want WAF to search and text transformations to use on the
|
11410
|
+
# search area before WAF searches for character sequences that are
|
11411
|
+
# likely to be malicious strings.
|
11358
11412
|
#
|
11359
11413
|
# @note When making an API call, you may pass XssMatchStatement
|
11360
11414
|
# data as a hash:
|
@@ -11390,20 +11444,20 @@ module Aws::WAFV2
|
|
11390
11444
|
# text_transformations: [ # required
|
11391
11445
|
# {
|
11392
11446
|
# priority: 1, # required
|
11393
|
-
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
|
11447
|
+
# type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
|
11394
11448
|
# },
|
11395
11449
|
# ],
|
11396
11450
|
# }
|
11397
11451
|
#
|
11398
11452
|
# @!attribute [rw] field_to_match
|
11399
|
-
# The part of a web request that you want
|
11453
|
+
# The part of a web request that you want WAF to inspect. For more
|
11400
11454
|
# information, see FieldToMatch.
|
11401
11455
|
# @return [Types::FieldToMatch]
|
11402
11456
|
#
|
11403
11457
|
# @!attribute [rw] text_transformations
|
11404
11458
|
# Text transformations eliminate some of the unusual formatting that
|
11405
11459
|
# attackers use in web requests in an effort to bypass detection. If
|
11406
|
-
# you specify one or more transformations in a rule statement,
|
11460
|
+
# you specify one or more transformations in a rule statement, WAF
|
11407
11461
|
# performs all transformations on the content of the request component
|
11408
11462
|
# identified by `FieldToMatch`, starting from the lowest priority
|
11409
11463
|
# setting, before inspecting the content for a match.
|