aws-sdk-wafv2 1.25.0 → 1.29.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-wafv2/client.rb +294 -12
  5. data/lib/aws-sdk-wafv2/client_api.rb +8 -0
  6. data/lib/aws-sdk-wafv2/types.rb +780 -30
  7. data/lib/aws-sdk-wafv2.rb +1 -1
  8. metadata +4 -4
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -39,6 +39,8 @@ module Aws::WAFV2
39
39
  # This is used only to indicate the web request component for WAF to
40
40
  # inspect, in the FieldToMatch specification.
41
41
  #
42
+ # JSON specification: `"All": \{\}`
43
+ #
42
44
  # @api private
43
45
  #
44
46
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation
@@ -50,6 +52,8 @@ module Aws::WAFV2
50
52
  # This is used only to indicate the web request component for WAF to
51
53
  # inspect, in the FieldToMatch specification.
52
54
  #
55
+ # JSON specification: `"AllQueryArguments": \{\}`
56
+ #
53
57
  # @api private
54
58
  #
55
59
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation
@@ -353,6 +357,42 @@ module Aws::WAFV2
353
357
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
354
358
  # key: "LabelMatchKey", # required
355
359
  # },
360
+ # regex_match_statement: {
361
+ # regex_string: "RegexPatternString", # required
362
+ # field_to_match: { # required
363
+ # single_header: {
364
+ # name: "FieldToMatchData", # required
365
+ # },
366
+ # single_query_argument: {
367
+ # name: "FieldToMatchData", # required
368
+ # },
369
+ # all_query_arguments: {
370
+ # },
371
+ # uri_path: {
372
+ # },
373
+ # query_string: {
374
+ # },
375
+ # body: {
376
+ # },
377
+ # method: {
378
+ # },
379
+ # json_body: {
380
+ # match_pattern: { # required
381
+ # all: {
382
+ # },
383
+ # included_paths: ["JsonPointerPath"],
384
+ # },
385
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
386
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
387
+ # },
388
+ # },
389
+ # text_transformations: [ # required
390
+ # {
391
+ # priority: 1, # required
392
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
393
+ # },
394
+ # ],
395
+ # },
356
396
  # },
357
397
  # ],
358
398
  # }
@@ -462,6 +502,8 @@ module Aws::WAFV2
462
502
  # This is used only to indicate the web request component for WAF to
463
503
  # inspect, in the FieldToMatch specification.
464
504
  #
505
+ # JSON specification: `"Body": \{\}`
506
+ #
465
507
  # @api private
466
508
  #
467
509
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation
@@ -878,6 +920,42 @@ module Aws::WAFV2
878
920
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
879
921
  # key: "LabelMatchKey", # required
880
922
  # },
923
+ # regex_match_statement: {
924
+ # regex_string: "RegexPatternString", # required
925
+ # field_to_match: { # required
926
+ # single_header: {
927
+ # name: "FieldToMatchData", # required
928
+ # },
929
+ # single_query_argument: {
930
+ # name: "FieldToMatchData", # required
931
+ # },
932
+ # all_query_arguments: {
933
+ # },
934
+ # uri_path: {
935
+ # },
936
+ # query_string: {
937
+ # },
938
+ # body: {
939
+ # },
940
+ # method: {
941
+ # },
942
+ # json_body: {
943
+ # match_pattern: { # required
944
+ # all: {
945
+ # },
946
+ # included_paths: ["JsonPointerPath"],
947
+ # },
948
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
949
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
950
+ # },
951
+ # },
952
+ # text_transformations: [ # required
953
+ # {
954
+ # priority: 1, # required
955
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
956
+ # },
957
+ # ],
958
+ # },
881
959
  # },
882
960
  # action: {
883
961
  # block: {
@@ -1508,6 +1586,42 @@ module Aws::WAFV2
1508
1586
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1509
1587
  # key: "LabelMatchKey", # required
1510
1588
  # },
1589
+ # regex_match_statement: {
1590
+ # regex_string: "RegexPatternString", # required
1591
+ # field_to_match: { # required
1592
+ # single_header: {
1593
+ # name: "FieldToMatchData", # required
1594
+ # },
1595
+ # single_query_argument: {
1596
+ # name: "FieldToMatchData", # required
1597
+ # },
1598
+ # all_query_arguments: {
1599
+ # },
1600
+ # uri_path: {
1601
+ # },
1602
+ # query_string: {
1603
+ # },
1604
+ # body: {
1605
+ # },
1606
+ # method: {
1607
+ # },
1608
+ # json_body: {
1609
+ # match_pattern: { # required
1610
+ # all: {
1611
+ # },
1612
+ # included_paths: ["JsonPointerPath"],
1613
+ # },
1614
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1615
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1616
+ # },
1617
+ # },
1618
+ # text_transformations: [ # required
1619
+ # {
1620
+ # priority: 1, # required
1621
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1622
+ # },
1623
+ # ],
1624
+ # },
1511
1625
  # },
1512
1626
  # action: {
1513
1627
  # block: {
@@ -1984,6 +2098,42 @@ module Aws::WAFV2
1984
2098
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1985
2099
  # key: "LabelMatchKey", # required
1986
2100
  # },
2101
+ # regex_match_statement: {
2102
+ # regex_string: "RegexPatternString", # required
2103
+ # field_to_match: { # required
2104
+ # single_header: {
2105
+ # name: "FieldToMatchData", # required
2106
+ # },
2107
+ # single_query_argument: {
2108
+ # name: "FieldToMatchData", # required
2109
+ # },
2110
+ # all_query_arguments: {
2111
+ # },
2112
+ # uri_path: {
2113
+ # },
2114
+ # query_string: {
2115
+ # },
2116
+ # body: {
2117
+ # },
2118
+ # method: {
2119
+ # },
2120
+ # json_body: {
2121
+ # match_pattern: { # required
2122
+ # all: {
2123
+ # },
2124
+ # included_paths: ["JsonPointerPath"],
2125
+ # },
2126
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
2127
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
2128
+ # },
2129
+ # },
2130
+ # text_transformations: [ # required
2131
+ # {
2132
+ # priority: 1, # required
2133
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
2134
+ # },
2135
+ # ],
2136
+ # },
1987
2137
  # },
1988
2138
  # action: {
1989
2139
  # block: {
@@ -2954,6 +3104,14 @@ module Aws::WAFV2
2954
3104
  # requires it. To inspect more than one component of a web request,
2955
3105
  # create a separate rule statement for each component.
2956
3106
  #
3107
+ # JSON specification for a `QueryString` field to match:
3108
+ #
3109
+ # ` "FieldToMatch": \{ "QueryString": \{\} \}`
3110
+ #
3111
+ # Example JSON for a `Method` field to match specification:
3112
+ #
3113
+ # ` "FieldToMatch": \{ "Method": \{ "Name": "DELETE" \} \}`
3114
+ #
2957
3115
  # @note When making an API call, you may pass FieldToMatch
2958
3116
  # data as a hash:
2959
3117
  #
@@ -3195,8 +3353,8 @@ module Aws::WAFV2
3195
3353
  # provide the ARN of the rule group in this statement.
3196
3354
  #
3197
3355
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
3198
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
3199
- # as a top-level statement within a rule.
3356
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
3357
+ # group reference statement at the top level inside a web ACL.
3200
3358
  # @return [Types::RuleGroupReferenceStatement]
3201
3359
  #
3202
3360
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -3525,6 +3683,7 @@ module Aws::WAFV2
3525
3683
  # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
3526
3684
  # web_acl_name: "EntityName", # required
3527
3685
  # web_acl_id: "EntityId", # required
3686
+ # rule_group_rule_name: "EntityName",
3528
3687
  # rule_name: "EntityName", # required
3529
3688
  # }
3530
3689
  #
@@ -3554,8 +3713,17 @@ module Aws::WAFV2
3554
3713
  # like update and delete.
3555
3714
  # @return [String]
3556
3715
  #
3716
+ # @!attribute [rw] rule_group_rule_name
3717
+ # The name of the rule group reference statement in your web ACL. This
3718
+ # is required only when you have the rate-based rule nested inside a
3719
+ # rule group.
3720
+ # @return [String]
3721
+ #
3557
3722
  # @!attribute [rw] rule_name
3558
- # The name of the rate-based rule to get the keys for.
3723
+ # The name of the rate-based rule to get the keys for. If you have the
3724
+ # rule defined inside a rule group that you're using in your web ACL,
3725
+ # also provide the name of the rule group reference statement in the
3726
+ # request parameter `RuleGroupRuleName`.
3559
3727
  # @return [String]
3560
3728
  #
3561
3729
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRateBasedStatementManagedKeysRequest AWS API Documentation
@@ -3564,6 +3732,7 @@ module Aws::WAFV2
3564
3732
  :scope,
3565
3733
  :web_acl_name,
3566
3734
  :web_acl_id,
3735
+ :rule_group_rule_name,
3567
3736
  :rule_name)
3568
3737
  SENSITIVE = []
3569
3738
  include Aws::Structure
@@ -4283,6 +4452,9 @@ module Aws::WAFV2
4283
4452
  # inspects only the parts of the JSON that result from the matches that
4284
4453
  # you indicate.
4285
4454
  #
4455
+ # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
4456
+ # "MatchScope": "ALL" \}`
4457
+ #
4286
4458
  # @note When making an API call, you may pass JsonBody
4287
4459
  # data as a hash:
4288
4460
  #
@@ -5267,11 +5439,11 @@ module Aws::WAFV2
5267
5439
  #
5268
5440
  # @!attribute [rw] redacted_fields
5269
5441
  # The parts of the request that you want to keep out of the logs. For
5270
- # example, if you redact the `HEADER` field, the `HEADER` field in the
5271
- # firehose will be `xxx`.
5442
+ # example, if you redact the `SingleHeader` field, the `HEADER` field
5443
+ # in the firehose will be `xxx`.
5272
5444
  #
5273
- # <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
5274
- # `HEADER`, or `METHOD`.
5445
+ # <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
5446
+ # `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
5275
5447
  #
5276
5448
  # </note>
5277
5449
  # @return [Array<Types::FieldToMatch>]
@@ -5620,6 +5792,42 @@ module Aws::WAFV2
5620
5792
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5621
5793
  # key: "LabelMatchKey", # required
5622
5794
  # },
5795
+ # regex_match_statement: {
5796
+ # regex_string: "RegexPatternString", # required
5797
+ # field_to_match: { # required
5798
+ # single_header: {
5799
+ # name: "FieldToMatchData", # required
5800
+ # },
5801
+ # single_query_argument: {
5802
+ # name: "FieldToMatchData", # required
5803
+ # },
5804
+ # all_query_arguments: {
5805
+ # },
5806
+ # uri_path: {
5807
+ # },
5808
+ # query_string: {
5809
+ # },
5810
+ # body: {
5811
+ # },
5812
+ # method: {
5813
+ # },
5814
+ # json_body: {
5815
+ # match_pattern: { # required
5816
+ # all: {
5817
+ # },
5818
+ # included_paths: ["JsonPointerPath"],
5819
+ # },
5820
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
5821
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
5822
+ # },
5823
+ # },
5824
+ # text_transformations: [ # required
5825
+ # {
5826
+ # priority: 1, # required
5827
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
5828
+ # },
5829
+ # ],
5830
+ # },
5623
5831
  # },
5624
5832
  # }
5625
5833
  #
@@ -5673,8 +5881,9 @@ module Aws::WAFV2
5673
5881
  # name and vendor name, that you provide when you add a
5674
5882
  # ManagedRuleGroupStatement to a web ACL. Managed rule groups include
5675
5883
  # Amazon Web Services Managed Rules rule groups, which are free of
5676
- # charge to WAF customers, and Marketplace managed rule groups, which
5677
- # you can subscribe to through Marketplace.
5884
+ # charge to WAF customers, and Amazon Web Services Marketplace managed
5885
+ # rule groups, which you can subscribe to through Amazon Web Services
5886
+ # Marketplace.
5678
5887
  #
5679
5888
  # @!attribute [rw] vendor_name
5680
5889
  # The name of the managed rule group vendor. You use this, along with
@@ -5688,7 +5897,8 @@ module Aws::WAFV2
5688
5897
  #
5689
5898
  # @!attribute [rw] description
5690
5899
  # The description of the managed rule group, provided by Amazon Web
5691
- # Services Managed Rules or the Marketplace seller who manages it.
5900
+ # Services Managed Rules or the Amazon Web Services Marketplace seller
5901
+ # who manages it.
5692
5902
  # @return [String]
5693
5903
  #
5694
5904
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
@@ -5721,11 +5931,12 @@ module Aws::WAFV2
5721
5931
  include Aws::Structure
5722
5932
  end
5723
5933
 
5724
- # A set of rules that is managed by Amazon Web Services and Marketplace
5725
- # sellers to provide versioned managed rule groups for customers of WAF.
5934
+ # A set of rules that is managed by Amazon Web Services and Amazon Web
5935
+ # Services Marketplace sellers to provide versioned managed rule groups
5936
+ # for customers of WAF.
5726
5937
  #
5727
5938
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5728
- # are Amazon Web Services and Marketplace sellers.
5939
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5729
5940
  #
5730
5941
  # Vendors, you can use the managed rule set APIs to provide controlled
5731
5942
  # rollout of your versioned managed rule group offerings for your
@@ -5801,7 +6012,7 @@ module Aws::WAFV2
5801
6012
  # High-level information for a managed rule set.
5802
6013
  #
5803
6014
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5804
- # are Amazon Web Services and Marketplace sellers.
6015
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5805
6016
  #
5806
6017
  # Vendors, you can use the managed rule set APIs to provide controlled
5807
6018
  # rollout of your versioned managed rule group offerings for your
@@ -5879,7 +6090,7 @@ module Aws::WAFV2
5879
6090
  # Information for a single version of a managed rule set.
5880
6091
  #
5881
6092
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5882
- # are Amazon Web Services and Marketplace sellers.
6093
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5883
6094
  #
5884
6095
  # Vendors, you can use the managed rule set APIs to provide controlled
5885
6096
  # rollout of your versioned managed rule group offerings for your
@@ -5955,6 +6166,8 @@ module Aws::WAFV2
5955
6166
  # This is used only to indicate the web request component for WAF to
5956
6167
  # inspect, in the FieldToMatch specification.
5957
6168
  #
6169
+ # JSON specification: `"Method": \{\}`
6170
+ #
5958
6171
  # @api private
5959
6172
  #
5960
6173
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Method AWS API Documentation
@@ -5968,6 +6181,8 @@ module Aws::WAFV2
5968
6181
  # This is used in the context of other settings, for example to specify
5969
6182
  # values for RuleAction and web ACL DefaultAction.
5970
6183
  #
6184
+ # JSON specification: `"None": \{\}`
6185
+ #
5971
6186
  # @api private
5972
6187
  #
5973
6188
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/NoneAction AWS API Documentation
@@ -6232,6 +6447,42 @@ module Aws::WAFV2
6232
6447
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6233
6448
  # key: "LabelMatchKey", # required
6234
6449
  # },
6450
+ # regex_match_statement: {
6451
+ # regex_string: "RegexPatternString", # required
6452
+ # field_to_match: { # required
6453
+ # single_header: {
6454
+ # name: "FieldToMatchData", # required
6455
+ # },
6456
+ # single_query_argument: {
6457
+ # name: "FieldToMatchData", # required
6458
+ # },
6459
+ # all_query_arguments: {
6460
+ # },
6461
+ # uri_path: {
6462
+ # },
6463
+ # query_string: {
6464
+ # },
6465
+ # body: {
6466
+ # },
6467
+ # method: {
6468
+ # },
6469
+ # json_body: {
6470
+ # match_pattern: { # required
6471
+ # all: {
6472
+ # },
6473
+ # included_paths: ["JsonPointerPath"],
6474
+ # },
6475
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6476
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6477
+ # },
6478
+ # },
6479
+ # text_transformations: [ # required
6480
+ # {
6481
+ # priority: 1, # required
6482
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6483
+ # },
6484
+ # ],
6485
+ # },
6235
6486
  # },
6236
6487
  # }
6237
6488
  #
@@ -6503,6 +6754,42 @@ module Aws::WAFV2
6503
6754
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6504
6755
  # key: "LabelMatchKey", # required
6505
6756
  # },
6757
+ # regex_match_statement: {
6758
+ # regex_string: "RegexPatternString", # required
6759
+ # field_to_match: { # required
6760
+ # single_header: {
6761
+ # name: "FieldToMatchData", # required
6762
+ # },
6763
+ # single_query_argument: {
6764
+ # name: "FieldToMatchData", # required
6765
+ # },
6766
+ # all_query_arguments: {
6767
+ # },
6768
+ # uri_path: {
6769
+ # },
6770
+ # query_string: {
6771
+ # },
6772
+ # body: {
6773
+ # },
6774
+ # method: {
6775
+ # },
6776
+ # json_body: {
6777
+ # match_pattern: { # required
6778
+ # all: {
6779
+ # },
6780
+ # included_paths: ["JsonPointerPath"],
6781
+ # },
6782
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6783
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6784
+ # },
6785
+ # },
6786
+ # text_transformations: [ # required
6787
+ # {
6788
+ # priority: 1, # required
6789
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6790
+ # },
6791
+ # ],
6792
+ # },
6506
6793
  # },
6507
6794
  # ],
6508
6795
  # }
@@ -6812,6 +7099,8 @@ module Aws::WAFV2
6812
7099
  # This is used only to indicate the web request component for WAF to
6813
7100
  # inspect, in the FieldToMatch specification.
6814
7101
  #
7102
+ # JSON specification: `"QueryString": \{\}`
7103
+ #
6815
7104
  # @api private
6816
7105
  #
6817
7106
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/QueryString AWS API Documentation
@@ -6824,6 +7113,15 @@ module Aws::WAFV2
6824
7113
  # You can use this to put a temporary block on requests from an IP
6825
7114
  # address that is sending excessive requests.
6826
7115
  #
7116
+ # WAF tracks and manages web requests separately for each instance of a
7117
+ # rate-based rule that you use. For example, if you provide the same
7118
+ # rate-based rule settings in two web ACLs, each of the two rule
7119
+ # statements represents a separate instance of the rate-based rule and
7120
+ # gets its own tracking and management by WAF. If you define a
7121
+ # rate-based rule inside a rule group, and then use that rule group in
7122
+ # multiple places, each use creates a separate instance of the
7123
+ # rate-based rule that gets its own tracking and management by WAF.
7124
+ #
6827
7125
  # When the rule action triggers, WAF blocks additional requests from the
6828
7126
  # IP address until the request rate falls below the limit.
6829
7127
  #
@@ -6847,9 +7145,9 @@ module Aws::WAFV2
6847
7145
  # not meet both conditions are not counted towards the rate limit and
6848
7146
  # are not affected by this rule.
6849
7147
  #
6850
- # You cannot nest a `RateBasedStatement`, for example for use inside a
6851
- # `NotStatement` or `OrStatement`. It can only be referenced as a
6852
- # top-level statement within a rule.
7148
+ # You cannot nest a `RateBasedStatement` inside another statement, for
7149
+ # example inside a `NotStatement` or `OrStatement`. You can define a
7150
+ # `RateBasedStatement` inside a web ACL and inside a rule group.
6853
7151
  #
6854
7152
  # @note When making an API call, you may pass RateBasedStatement
6855
7153
  # data as a hash:
@@ -7108,7 +7406,43 @@ module Aws::WAFV2
7108
7406
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7109
7407
  # key: "LabelMatchKey", # required
7110
7408
  # },
7111
- # },
7409
+ # regex_match_statement: {
7410
+ # regex_string: "RegexPatternString", # required
7411
+ # field_to_match: { # required
7412
+ # single_header: {
7413
+ # name: "FieldToMatchData", # required
7414
+ # },
7415
+ # single_query_argument: {
7416
+ # name: "FieldToMatchData", # required
7417
+ # },
7418
+ # all_query_arguments: {
7419
+ # },
7420
+ # uri_path: {
7421
+ # },
7422
+ # query_string: {
7423
+ # },
7424
+ # body: {
7425
+ # },
7426
+ # method: {
7427
+ # },
7428
+ # json_body: {
7429
+ # match_pattern: { # required
7430
+ # all: {
7431
+ # },
7432
+ # included_paths: ["JsonPointerPath"],
7433
+ # },
7434
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7435
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7436
+ # },
7437
+ # },
7438
+ # text_transformations: [ # required
7439
+ # {
7440
+ # priority: 1, # required
7441
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7442
+ # },
7443
+ # ],
7444
+ # },
7445
+ # },
7112
7446
  # forwarded_ip_config: {
7113
7447
  # header_name: "ForwardedIPHeaderName", # required
7114
7448
  # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
@@ -7167,8 +7501,8 @@ module Aws::WAFV2
7167
7501
  include Aws::Structure
7168
7502
  end
7169
7503
 
7170
- # The set of IP addresses that are currently blocked for a rate-based
7171
- # statement.
7504
+ # The set of IP addresses that are currently blocked for a
7505
+ # RateBasedStatement.
7172
7506
  #
7173
7507
  # @!attribute [rw] ip_address_version
7174
7508
  # The version of the IP addresses, either `IPV4` or `IPV6`.
@@ -7208,6 +7542,77 @@ module Aws::WAFV2
7208
7542
  include Aws::Structure
7209
7543
  end
7210
7544
 
7545
+ # A rule statement used to search web request components for a match
7546
+ # against a single regular expression.
7547
+ #
7548
+ # @note When making an API call, you may pass RegexMatchStatement
7549
+ # data as a hash:
7550
+ #
7551
+ # {
7552
+ # regex_string: "RegexPatternString", # required
7553
+ # field_to_match: { # required
7554
+ # single_header: {
7555
+ # name: "FieldToMatchData", # required
7556
+ # },
7557
+ # single_query_argument: {
7558
+ # name: "FieldToMatchData", # required
7559
+ # },
7560
+ # all_query_arguments: {
7561
+ # },
7562
+ # uri_path: {
7563
+ # },
7564
+ # query_string: {
7565
+ # },
7566
+ # body: {
7567
+ # },
7568
+ # method: {
7569
+ # },
7570
+ # json_body: {
7571
+ # match_pattern: { # required
7572
+ # all: {
7573
+ # },
7574
+ # included_paths: ["JsonPointerPath"],
7575
+ # },
7576
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7577
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7578
+ # },
7579
+ # },
7580
+ # text_transformations: [ # required
7581
+ # {
7582
+ # priority: 1, # required
7583
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7584
+ # },
7585
+ # ],
7586
+ # }
7587
+ #
7588
+ # @!attribute [rw] regex_string
7589
+ # The string representing the regular expression.
7590
+ # @return [String]
7591
+ #
7592
+ # @!attribute [rw] field_to_match
7593
+ # The part of a web request that you want WAF to inspect. For more
7594
+ # information, see FieldToMatch.
7595
+ # @return [Types::FieldToMatch]
7596
+ #
7597
+ # @!attribute [rw] text_transformations
7598
+ # Text transformations eliminate some of the unusual formatting that
7599
+ # attackers use in web requests in an effort to bypass detection. If
7600
+ # you specify one or more transformations in a rule statement, WAF
7601
+ # performs all transformations on the content of the request component
7602
+ # identified by `FieldToMatch`, starting from the lowest priority
7603
+ # setting, before inspecting the content for a match.
7604
+ # @return [Array<Types::TextTransformation>]
7605
+ #
7606
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
7607
+ #
7608
+ class RegexMatchStatement < Struct.new(
7609
+ :regex_string,
7610
+ :field_to_match,
7611
+ :text_transformations)
7612
+ SENSITIVE = []
7613
+ include Aws::Structure
7614
+ end
7615
+
7211
7616
  # Contains one or more regular expressions.
7212
7617
  #
7213
7618
  # WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
@@ -7641,6 +8046,42 @@ module Aws::WAFV2
7641
8046
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7642
8047
  # key: "LabelMatchKey", # required
7643
8048
  # },
8049
+ # regex_match_statement: {
8050
+ # regex_string: "RegexPatternString", # required
8051
+ # field_to_match: { # required
8052
+ # single_header: {
8053
+ # name: "FieldToMatchData", # required
8054
+ # },
8055
+ # single_query_argument: {
8056
+ # name: "FieldToMatchData", # required
8057
+ # },
8058
+ # all_query_arguments: {
8059
+ # },
8060
+ # uri_path: {
8061
+ # },
8062
+ # query_string: {
8063
+ # },
8064
+ # body: {
8065
+ # },
8066
+ # method: {
8067
+ # },
8068
+ # json_body: {
8069
+ # match_pattern: { # required
8070
+ # all: {
8071
+ # },
8072
+ # included_paths: ["JsonPointerPath"],
8073
+ # },
8074
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
8075
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
8076
+ # },
8077
+ # },
8078
+ # text_transformations: [ # required
8079
+ # {
8080
+ # priority: 1, # required
8081
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
8082
+ # },
8083
+ # ],
8084
+ # },
7644
8085
  # },
7645
8086
  # action: {
7646
8087
  # block: {
@@ -7996,8 +8437,8 @@ module Aws::WAFV2
7996
8437
  # provide the ARN of the rule group in this statement.
7997
8438
  #
7998
8439
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
7999
- # inside a `NotStatement` or `OrStatement`. It can only be referenced as
8000
- # a top-level statement within a rule.
8440
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
8441
+ # group reference statement at the top level inside a web ACL.
8001
8442
  #
8002
8443
  # @note When making an API call, you may pass RuleGroupReferenceStatement
8003
8444
  # data as a hash:
@@ -8179,6 +8620,8 @@ module Aws::WAFV2
8179
8620
  # This is used only to indicate the web request component for WAF to
8180
8621
  # inspect, in the FieldToMatch specification.
8181
8622
  #
8623
+ # Example JSON: `"SingleHeader": \{ "Name": "haystack" \}`
8624
+ #
8182
8625
  # @note When making an API call, you may pass SingleHeader
8183
8626
  # data as a hash:
8184
8627
  #
@@ -8202,6 +8645,8 @@ module Aws::WAFV2
8202
8645
  # *UserName* or *SalesRegion*. The name can be up to 30 characters long
8203
8646
  # and isn't case sensitive.
8204
8647
  #
8648
+ # Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
8649
+ #
8205
8650
  # @note When making an API call, you may pass SingleQueryArgument
8206
8651
  # data as a hash:
8207
8652
  #
@@ -8837,6 +9282,42 @@ module Aws::WAFV2
8837
9282
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8838
9283
  # key: "LabelMatchKey", # required
8839
9284
  # },
9285
+ # regex_match_statement: {
9286
+ # regex_string: "RegexPatternString", # required
9287
+ # field_to_match: { # required
9288
+ # single_header: {
9289
+ # name: "FieldToMatchData", # required
9290
+ # },
9291
+ # single_query_argument: {
9292
+ # name: "FieldToMatchData", # required
9293
+ # },
9294
+ # all_query_arguments: {
9295
+ # },
9296
+ # uri_path: {
9297
+ # },
9298
+ # query_string: {
9299
+ # },
9300
+ # body: {
9301
+ # },
9302
+ # method: {
9303
+ # },
9304
+ # json_body: {
9305
+ # match_pattern: { # required
9306
+ # all: {
9307
+ # },
9308
+ # included_paths: ["JsonPointerPath"],
9309
+ # },
9310
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9311
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9312
+ # },
9313
+ # },
9314
+ # text_transformations: [ # required
9315
+ # {
9316
+ # priority: 1, # required
9317
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9318
+ # },
9319
+ # ],
9320
+ # },
8840
9321
  # },
8841
9322
  # forwarded_ip_config: {
8842
9323
  # header_name: "ForwardedIPHeaderName", # required
@@ -9090,6 +9571,42 @@ module Aws::WAFV2
9090
9571
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9091
9572
  # key: "LabelMatchKey", # required
9092
9573
  # },
9574
+ # regex_match_statement: {
9575
+ # regex_string: "RegexPatternString", # required
9576
+ # field_to_match: { # required
9577
+ # single_header: {
9578
+ # name: "FieldToMatchData", # required
9579
+ # },
9580
+ # single_query_argument: {
9581
+ # name: "FieldToMatchData", # required
9582
+ # },
9583
+ # all_query_arguments: {
9584
+ # },
9585
+ # uri_path: {
9586
+ # },
9587
+ # query_string: {
9588
+ # },
9589
+ # body: {
9590
+ # },
9591
+ # method: {
9592
+ # },
9593
+ # json_body: {
9594
+ # match_pattern: { # required
9595
+ # all: {
9596
+ # },
9597
+ # included_paths: ["JsonPointerPath"],
9598
+ # },
9599
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9600
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9601
+ # },
9602
+ # },
9603
+ # text_transformations: [ # required
9604
+ # {
9605
+ # priority: 1, # required
9606
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9607
+ # },
9608
+ # ],
9609
+ # },
9093
9610
  # },
9094
9611
  # ],
9095
9612
  # },
@@ -9340,6 +9857,42 @@ module Aws::WAFV2
9340
9857
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9341
9858
  # key: "LabelMatchKey", # required
9342
9859
  # },
9860
+ # regex_match_statement: {
9861
+ # regex_string: "RegexPatternString", # required
9862
+ # field_to_match: { # required
9863
+ # single_header: {
9864
+ # name: "FieldToMatchData", # required
9865
+ # },
9866
+ # single_query_argument: {
9867
+ # name: "FieldToMatchData", # required
9868
+ # },
9869
+ # all_query_arguments: {
9870
+ # },
9871
+ # uri_path: {
9872
+ # },
9873
+ # query_string: {
9874
+ # },
9875
+ # body: {
9876
+ # },
9877
+ # method: {
9878
+ # },
9879
+ # json_body: {
9880
+ # match_pattern: { # required
9881
+ # all: {
9882
+ # },
9883
+ # included_paths: ["JsonPointerPath"],
9884
+ # },
9885
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9886
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9887
+ # },
9888
+ # },
9889
+ # text_transformations: [ # required
9890
+ # {
9891
+ # priority: 1, # required
9892
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9893
+ # },
9894
+ # ],
9895
+ # },
9343
9896
  # },
9344
9897
  # ],
9345
9898
  # },
@@ -9593,6 +10146,42 @@ module Aws::WAFV2
9593
10146
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9594
10147
  # key: "LabelMatchKey", # required
9595
10148
  # },
10149
+ # regex_match_statement: {
10150
+ # regex_string: "RegexPatternString", # required
10151
+ # field_to_match: { # required
10152
+ # single_header: {
10153
+ # name: "FieldToMatchData", # required
10154
+ # },
10155
+ # single_query_argument: {
10156
+ # name: "FieldToMatchData", # required
10157
+ # },
10158
+ # all_query_arguments: {
10159
+ # },
10160
+ # uri_path: {
10161
+ # },
10162
+ # query_string: {
10163
+ # },
10164
+ # body: {
10165
+ # },
10166
+ # method: {
10167
+ # },
10168
+ # json_body: {
10169
+ # match_pattern: { # required
10170
+ # all: {
10171
+ # },
10172
+ # included_paths: ["JsonPointerPath"],
10173
+ # },
10174
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10175
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10176
+ # },
10177
+ # },
10178
+ # text_transformations: [ # required
10179
+ # {
10180
+ # priority: 1, # required
10181
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10182
+ # },
10183
+ # ],
10184
+ # },
9596
10185
  # },
9597
10186
  # },
9598
10187
  # managed_rule_group_statement: {
@@ -9845,12 +10434,84 @@ module Aws::WAFV2
9845
10434
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9846
10435
  # key: "LabelMatchKey", # required
9847
10436
  # },
10437
+ # regex_match_statement: {
10438
+ # regex_string: "RegexPatternString", # required
10439
+ # field_to_match: { # required
10440
+ # single_header: {
10441
+ # name: "FieldToMatchData", # required
10442
+ # },
10443
+ # single_query_argument: {
10444
+ # name: "FieldToMatchData", # required
10445
+ # },
10446
+ # all_query_arguments: {
10447
+ # },
10448
+ # uri_path: {
10449
+ # },
10450
+ # query_string: {
10451
+ # },
10452
+ # body: {
10453
+ # },
10454
+ # method: {
10455
+ # },
10456
+ # json_body: {
10457
+ # match_pattern: { # required
10458
+ # all: {
10459
+ # },
10460
+ # included_paths: ["JsonPointerPath"],
10461
+ # },
10462
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10463
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10464
+ # },
10465
+ # },
10466
+ # text_transformations: [ # required
10467
+ # {
10468
+ # priority: 1, # required
10469
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10470
+ # },
10471
+ # ],
10472
+ # },
9848
10473
  # },
9849
10474
  # },
9850
10475
  # label_match_statement: {
9851
10476
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9852
10477
  # key: "LabelMatchKey", # required
9853
10478
  # },
10479
+ # regex_match_statement: {
10480
+ # regex_string: "RegexPatternString", # required
10481
+ # field_to_match: { # required
10482
+ # single_header: {
10483
+ # name: "FieldToMatchData", # required
10484
+ # },
10485
+ # single_query_argument: {
10486
+ # name: "FieldToMatchData", # required
10487
+ # },
10488
+ # all_query_arguments: {
10489
+ # },
10490
+ # uri_path: {
10491
+ # },
10492
+ # query_string: {
10493
+ # },
10494
+ # body: {
10495
+ # },
10496
+ # method: {
10497
+ # },
10498
+ # json_body: {
10499
+ # match_pattern: { # required
10500
+ # all: {
10501
+ # },
10502
+ # included_paths: ["JsonPointerPath"],
10503
+ # },
10504
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10505
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10506
+ # },
10507
+ # },
10508
+ # text_transformations: [ # required
10509
+ # {
10510
+ # priority: 1, # required
10511
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10512
+ # },
10513
+ # ],
10514
+ # },
9854
10515
  # }
9855
10516
  #
9856
10517
  # @!attribute [rw] byte_match_statement
@@ -9913,8 +10574,8 @@ module Aws::WAFV2
9913
10574
  # provide the ARN of the rule group in this statement.
9914
10575
  #
9915
10576
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
9916
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
9917
- # as a top-level statement within a rule.
10577
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
10578
+ # group reference statement at the top level inside a web ACL.
9918
10579
  # @return [Types::RuleGroupReferenceStatement]
9919
10580
  #
9920
10581
  # @!attribute [rw] ip_set_reference_statement
@@ -9952,6 +10613,15 @@ module Aws::WAFV2
9952
10613
  # time span. You can use this to put a temporary block on requests
9953
10614
  # from an IP address that is sending excessive requests.
9954
10615
  #
10616
+ # WAF tracks and manages web requests separately for each instance of
10617
+ # a rate-based rule that you use. For example, if you provide the same
10618
+ # rate-based rule settings in two web ACLs, each of the two rule
10619
+ # statements represents a separate instance of the rate-based rule and
10620
+ # gets its own tracking and management by WAF. If you define a
10621
+ # rate-based rule inside a rule group, and then use that rule group in
10622
+ # multiple places, each use creates a separate instance of the
10623
+ # rate-based rule that gets its own tracking and management by WAF.
10624
+ #
9955
10625
  # When the rule action triggers, WAF blocks additional requests from
9956
10626
  # the IP address until the request rate falls below the limit.
9957
10627
  #
@@ -9975,9 +10645,9 @@ module Aws::WAFV2
9975
10645
  # do not meet both conditions are not counted towards the rate limit
9976
10646
  # and are not affected by this rule.
9977
10647
  #
9978
- # You cannot nest a `RateBasedStatement`, for example for use inside a
9979
- # `NotStatement` or `OrStatement`. It can only be referenced as a
9980
- # top-level statement within a rule.
10648
+ # You cannot nest a `RateBasedStatement` inside another statement, for
10649
+ # example inside a `NotStatement` or `OrStatement`. You can define a
10650
+ # `RateBasedStatement` inside a web ACL and inside a rule group.
9981
10651
  # @return [Types::RateBasedStatement]
9982
10652
  #
9983
10653
  # @!attribute [rw] and_statement
@@ -10023,6 +10693,11 @@ module Aws::WAFV2
10023
10693
  # that were added in the same context as the label match statement.
10024
10694
  # @return [Types::LabelMatchStatement]
10025
10695
  #
10696
+ # @!attribute [rw] regex_match_statement
10697
+ # A rule statement used to search web request components for a match
10698
+ # against a single regular expression.
10699
+ # @return [Types::RegexMatchStatement]
10700
+ #
10026
10701
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
10027
10702
  #
10028
10703
  class Statement < Struct.new(
@@ -10039,7 +10714,8 @@ module Aws::WAFV2
10039
10714
  :or_statement,
10040
10715
  :not_statement,
10041
10716
  :managed_rule_group_statement,
10042
- :label_match_statement)
10717
+ :label_match_statement,
10718
+ :regex_match_statement)
10043
10719
  SENSITIVE = []
10044
10720
  include Aws::Structure
10045
10721
  end
@@ -10965,6 +11641,42 @@ module Aws::WAFV2
10965
11641
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
10966
11642
  # key: "LabelMatchKey", # required
10967
11643
  # },
11644
+ # regex_match_statement: {
11645
+ # regex_string: "RegexPatternString", # required
11646
+ # field_to_match: { # required
11647
+ # single_header: {
11648
+ # name: "FieldToMatchData", # required
11649
+ # },
11650
+ # single_query_argument: {
11651
+ # name: "FieldToMatchData", # required
11652
+ # },
11653
+ # all_query_arguments: {
11654
+ # },
11655
+ # uri_path: {
11656
+ # },
11657
+ # query_string: {
11658
+ # },
11659
+ # body: {
11660
+ # },
11661
+ # method: {
11662
+ # },
11663
+ # json_body: {
11664
+ # match_pattern: { # required
11665
+ # all: {
11666
+ # },
11667
+ # included_paths: ["JsonPointerPath"],
11668
+ # },
11669
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
11670
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
11671
+ # },
11672
+ # },
11673
+ # text_transformations: [ # required
11674
+ # {
11675
+ # priority: 1, # required
11676
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
11677
+ # },
11678
+ # ],
11679
+ # },
10968
11680
  # },
10969
11681
  # action: {
10970
11682
  # block: {
@@ -11431,6 +12143,42 @@ module Aws::WAFV2
11431
12143
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
11432
12144
  # key: "LabelMatchKey", # required
11433
12145
  # },
12146
+ # regex_match_statement: {
12147
+ # regex_string: "RegexPatternString", # required
12148
+ # field_to_match: { # required
12149
+ # single_header: {
12150
+ # name: "FieldToMatchData", # required
12151
+ # },
12152
+ # single_query_argument: {
12153
+ # name: "FieldToMatchData", # required
12154
+ # },
12155
+ # all_query_arguments: {
12156
+ # },
12157
+ # uri_path: {
12158
+ # },
12159
+ # query_string: {
12160
+ # },
12161
+ # body: {
12162
+ # },
12163
+ # method: {
12164
+ # },
12165
+ # json_body: {
12166
+ # match_pattern: { # required
12167
+ # all: {
12168
+ # },
12169
+ # included_paths: ["JsonPointerPath"],
12170
+ # },
12171
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
12172
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
12173
+ # },
12174
+ # },
12175
+ # text_transformations: [ # required
12176
+ # {
12177
+ # priority: 1, # required
12178
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
12179
+ # },
12180
+ # ],
12181
+ # },
11434
12182
  # },
11435
12183
  # action: {
11436
12184
  # block: {
@@ -11623,6 +12371,8 @@ module Aws::WAFV2
11623
12371
  # This is used only to indicate the web request component for WAF to
11624
12372
  # inspect, in the FieldToMatch specification.
11625
12373
  #
12374
+ # JSON specification: `"UriPath": \{\}`
12375
+ #
11626
12376
  # @api private
11627
12377
  #
11628
12378
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UriPath AWS API Documentation
@@ -11633,7 +12383,7 @@ module Aws::WAFV2
11633
12383
  # vendor publishes for use by customers.
11634
12384
  #
11635
12385
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
11636
- # are Amazon Web Services and Marketplace sellers.
12386
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
11637
12387
  #
11638
12388
  # Vendors, you can use the managed rule set APIs to provide controlled
11639
12389
  # rollout of your versioned managed rule group offerings for your