aws-sdk-wafv2 1.25.0 → 1.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-wafv2/client.rb +294 -12
  5. data/lib/aws-sdk-wafv2/client_api.rb +8 -0
  6. data/lib/aws-sdk-wafv2/types.rb +780 -30
  7. data/lib/aws-sdk-wafv2.rb +1 -1
  8. metadata +4 -4
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -39,6 +39,8 @@ module Aws::WAFV2
39
39
  # This is used only to indicate the web request component for WAF to
40
40
  # inspect, in the FieldToMatch specification.
41
41
  #
42
+ # JSON specification: `"All": \{\}`
43
+ #
42
44
  # @api private
43
45
  #
44
46
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation
@@ -50,6 +52,8 @@ module Aws::WAFV2
50
52
  # This is used only to indicate the web request component for WAF to
51
53
  # inspect, in the FieldToMatch specification.
52
54
  #
55
+ # JSON specification: `"AllQueryArguments": \{\}`
56
+ #
53
57
  # @api private
54
58
  #
55
59
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation
@@ -353,6 +357,42 @@ module Aws::WAFV2
353
357
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
354
358
  # key: "LabelMatchKey", # required
355
359
  # },
360
+ # regex_match_statement: {
361
+ # regex_string: "RegexPatternString", # required
362
+ # field_to_match: { # required
363
+ # single_header: {
364
+ # name: "FieldToMatchData", # required
365
+ # },
366
+ # single_query_argument: {
367
+ # name: "FieldToMatchData", # required
368
+ # },
369
+ # all_query_arguments: {
370
+ # },
371
+ # uri_path: {
372
+ # },
373
+ # query_string: {
374
+ # },
375
+ # body: {
376
+ # },
377
+ # method: {
378
+ # },
379
+ # json_body: {
380
+ # match_pattern: { # required
381
+ # all: {
382
+ # },
383
+ # included_paths: ["JsonPointerPath"],
384
+ # },
385
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
386
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
387
+ # },
388
+ # },
389
+ # text_transformations: [ # required
390
+ # {
391
+ # priority: 1, # required
392
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
393
+ # },
394
+ # ],
395
+ # },
356
396
  # },
357
397
  # ],
358
398
  # }
@@ -462,6 +502,8 @@ module Aws::WAFV2
462
502
  # This is used only to indicate the web request component for WAF to
463
503
  # inspect, in the FieldToMatch specification.
464
504
  #
505
+ # JSON specification: `"Body": \{\}`
506
+ #
465
507
  # @api private
466
508
  #
467
509
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation
@@ -878,6 +920,42 @@ module Aws::WAFV2
878
920
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
879
921
  # key: "LabelMatchKey", # required
880
922
  # },
923
+ # regex_match_statement: {
924
+ # regex_string: "RegexPatternString", # required
925
+ # field_to_match: { # required
926
+ # single_header: {
927
+ # name: "FieldToMatchData", # required
928
+ # },
929
+ # single_query_argument: {
930
+ # name: "FieldToMatchData", # required
931
+ # },
932
+ # all_query_arguments: {
933
+ # },
934
+ # uri_path: {
935
+ # },
936
+ # query_string: {
937
+ # },
938
+ # body: {
939
+ # },
940
+ # method: {
941
+ # },
942
+ # json_body: {
943
+ # match_pattern: { # required
944
+ # all: {
945
+ # },
946
+ # included_paths: ["JsonPointerPath"],
947
+ # },
948
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
949
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
950
+ # },
951
+ # },
952
+ # text_transformations: [ # required
953
+ # {
954
+ # priority: 1, # required
955
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
956
+ # },
957
+ # ],
958
+ # },
881
959
  # },
882
960
  # action: {
883
961
  # block: {
@@ -1508,6 +1586,42 @@ module Aws::WAFV2
1508
1586
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1509
1587
  # key: "LabelMatchKey", # required
1510
1588
  # },
1589
+ # regex_match_statement: {
1590
+ # regex_string: "RegexPatternString", # required
1591
+ # field_to_match: { # required
1592
+ # single_header: {
1593
+ # name: "FieldToMatchData", # required
1594
+ # },
1595
+ # single_query_argument: {
1596
+ # name: "FieldToMatchData", # required
1597
+ # },
1598
+ # all_query_arguments: {
1599
+ # },
1600
+ # uri_path: {
1601
+ # },
1602
+ # query_string: {
1603
+ # },
1604
+ # body: {
1605
+ # },
1606
+ # method: {
1607
+ # },
1608
+ # json_body: {
1609
+ # match_pattern: { # required
1610
+ # all: {
1611
+ # },
1612
+ # included_paths: ["JsonPointerPath"],
1613
+ # },
1614
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1615
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1616
+ # },
1617
+ # },
1618
+ # text_transformations: [ # required
1619
+ # {
1620
+ # priority: 1, # required
1621
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1622
+ # },
1623
+ # ],
1624
+ # },
1511
1625
  # },
1512
1626
  # action: {
1513
1627
  # block: {
@@ -1984,6 +2098,42 @@ module Aws::WAFV2
1984
2098
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1985
2099
  # key: "LabelMatchKey", # required
1986
2100
  # },
2101
+ # regex_match_statement: {
2102
+ # regex_string: "RegexPatternString", # required
2103
+ # field_to_match: { # required
2104
+ # single_header: {
2105
+ # name: "FieldToMatchData", # required
2106
+ # },
2107
+ # single_query_argument: {
2108
+ # name: "FieldToMatchData", # required
2109
+ # },
2110
+ # all_query_arguments: {
2111
+ # },
2112
+ # uri_path: {
2113
+ # },
2114
+ # query_string: {
2115
+ # },
2116
+ # body: {
2117
+ # },
2118
+ # method: {
2119
+ # },
2120
+ # json_body: {
2121
+ # match_pattern: { # required
2122
+ # all: {
2123
+ # },
2124
+ # included_paths: ["JsonPointerPath"],
2125
+ # },
2126
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
2127
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
2128
+ # },
2129
+ # },
2130
+ # text_transformations: [ # required
2131
+ # {
2132
+ # priority: 1, # required
2133
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
2134
+ # },
2135
+ # ],
2136
+ # },
1987
2137
  # },
1988
2138
  # action: {
1989
2139
  # block: {
@@ -2954,6 +3104,14 @@ module Aws::WAFV2
2954
3104
  # requires it. To inspect more than one component of a web request,
2955
3105
  # create a separate rule statement for each component.
2956
3106
  #
3107
+ # JSON specification for a `QueryString` field to match:
3108
+ #
3109
+ # ` "FieldToMatch": \{ "QueryString": \{\} \}`
3110
+ #
3111
+ # Example JSON for a `Method` field to match specification:
3112
+ #
3113
+ # ` "FieldToMatch": \{ "Method": \{ "Name": "DELETE" \} \}`
3114
+ #
2957
3115
  # @note When making an API call, you may pass FieldToMatch
2958
3116
  # data as a hash:
2959
3117
  #
@@ -3195,8 +3353,8 @@ module Aws::WAFV2
3195
3353
  # provide the ARN of the rule group in this statement.
3196
3354
  #
3197
3355
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
3198
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
3199
- # as a top-level statement within a rule.
3356
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
3357
+ # group reference statement at the top level inside a web ACL.
3200
3358
  # @return [Types::RuleGroupReferenceStatement]
3201
3359
  #
3202
3360
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -3525,6 +3683,7 @@ module Aws::WAFV2
3525
3683
  # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
3526
3684
  # web_acl_name: "EntityName", # required
3527
3685
  # web_acl_id: "EntityId", # required
3686
+ # rule_group_rule_name: "EntityName",
3528
3687
  # rule_name: "EntityName", # required
3529
3688
  # }
3530
3689
  #
@@ -3554,8 +3713,17 @@ module Aws::WAFV2
3554
3713
  # like update and delete.
3555
3714
  # @return [String]
3556
3715
  #
3716
+ # @!attribute [rw] rule_group_rule_name
3717
+ # The name of the rule group reference statement in your web ACL. This
3718
+ # is required only when you have the rate-based rule nested inside a
3719
+ # rule group.
3720
+ # @return [String]
3721
+ #
3557
3722
  # @!attribute [rw] rule_name
3558
- # The name of the rate-based rule to get the keys for.
3723
+ # The name of the rate-based rule to get the keys for. If you have the
3724
+ # rule defined inside a rule group that you're using in your web ACL,
3725
+ # also provide the name of the rule group reference statement in the
3726
+ # request parameter `RuleGroupRuleName`.
3559
3727
  # @return [String]
3560
3728
  #
3561
3729
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRateBasedStatementManagedKeysRequest AWS API Documentation
@@ -3564,6 +3732,7 @@ module Aws::WAFV2
3564
3732
  :scope,
3565
3733
  :web_acl_name,
3566
3734
  :web_acl_id,
3735
+ :rule_group_rule_name,
3567
3736
  :rule_name)
3568
3737
  SENSITIVE = []
3569
3738
  include Aws::Structure
@@ -4283,6 +4452,9 @@ module Aws::WAFV2
4283
4452
  # inspects only the parts of the JSON that result from the matches that
4284
4453
  # you indicate.
4285
4454
  #
4455
+ # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
4456
+ # "MatchScope": "ALL" \}`
4457
+ #
4286
4458
  # @note When making an API call, you may pass JsonBody
4287
4459
  # data as a hash:
4288
4460
  #
@@ -5267,11 +5439,11 @@ module Aws::WAFV2
5267
5439
  #
5268
5440
  # @!attribute [rw] redacted_fields
5269
5441
  # The parts of the request that you want to keep out of the logs. For
5270
- # example, if you redact the `HEADER` field, the `HEADER` field in the
5271
- # firehose will be `xxx`.
5442
+ # example, if you redact the `SingleHeader` field, the `HEADER` field
5443
+ # in the firehose will be `xxx`.
5272
5444
  #
5273
- # <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
5274
- # `HEADER`, or `METHOD`.
5445
+ # <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
5446
+ # `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
5275
5447
  #
5276
5448
  # </note>
5277
5449
  # @return [Array<Types::FieldToMatch>]
@@ -5620,6 +5792,42 @@ module Aws::WAFV2
5620
5792
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5621
5793
  # key: "LabelMatchKey", # required
5622
5794
  # },
5795
+ # regex_match_statement: {
5796
+ # regex_string: "RegexPatternString", # required
5797
+ # field_to_match: { # required
5798
+ # single_header: {
5799
+ # name: "FieldToMatchData", # required
5800
+ # },
5801
+ # single_query_argument: {
5802
+ # name: "FieldToMatchData", # required
5803
+ # },
5804
+ # all_query_arguments: {
5805
+ # },
5806
+ # uri_path: {
5807
+ # },
5808
+ # query_string: {
5809
+ # },
5810
+ # body: {
5811
+ # },
5812
+ # method: {
5813
+ # },
5814
+ # json_body: {
5815
+ # match_pattern: { # required
5816
+ # all: {
5817
+ # },
5818
+ # included_paths: ["JsonPointerPath"],
5819
+ # },
5820
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
5821
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
5822
+ # },
5823
+ # },
5824
+ # text_transformations: [ # required
5825
+ # {
5826
+ # priority: 1, # required
5827
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
5828
+ # },
5829
+ # ],
5830
+ # },
5623
5831
  # },
5624
5832
  # }
5625
5833
  #
@@ -5673,8 +5881,9 @@ module Aws::WAFV2
5673
5881
  # name and vendor name, that you provide when you add a
5674
5882
  # ManagedRuleGroupStatement to a web ACL. Managed rule groups include
5675
5883
  # Amazon Web Services Managed Rules rule groups, which are free of
5676
- # charge to WAF customers, and Marketplace managed rule groups, which
5677
- # you can subscribe to through Marketplace.
5884
+ # charge to WAF customers, and Amazon Web Services Marketplace managed
5885
+ # rule groups, which you can subscribe to through Amazon Web Services
5886
+ # Marketplace.
5678
5887
  #
5679
5888
  # @!attribute [rw] vendor_name
5680
5889
  # The name of the managed rule group vendor. You use this, along with
@@ -5688,7 +5897,8 @@ module Aws::WAFV2
5688
5897
  #
5689
5898
  # @!attribute [rw] description
5690
5899
  # The description of the managed rule group, provided by Amazon Web
5691
- # Services Managed Rules or the Marketplace seller who manages it.
5900
+ # Services Managed Rules or the Amazon Web Services Marketplace seller
5901
+ # who manages it.
5692
5902
  # @return [String]
5693
5903
  #
5694
5904
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
@@ -5721,11 +5931,12 @@ module Aws::WAFV2
5721
5931
  include Aws::Structure
5722
5932
  end
5723
5933
 
5724
- # A set of rules that is managed by Amazon Web Services and Marketplace
5725
- # sellers to provide versioned managed rule groups for customers of WAF.
5934
+ # A set of rules that is managed by Amazon Web Services and Amazon Web
5935
+ # Services Marketplace sellers to provide versioned managed rule groups
5936
+ # for customers of WAF.
5726
5937
  #
5727
5938
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5728
- # are Amazon Web Services and Marketplace sellers.
5939
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5729
5940
  #
5730
5941
  # Vendors, you can use the managed rule set APIs to provide controlled
5731
5942
  # rollout of your versioned managed rule group offerings for your
@@ -5801,7 +6012,7 @@ module Aws::WAFV2
5801
6012
  # High-level information for a managed rule set.
5802
6013
  #
5803
6014
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5804
- # are Amazon Web Services and Marketplace sellers.
6015
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5805
6016
  #
5806
6017
  # Vendors, you can use the managed rule set APIs to provide controlled
5807
6018
  # rollout of your versioned managed rule group offerings for your
@@ -5879,7 +6090,7 @@ module Aws::WAFV2
5879
6090
  # Information for a single version of a managed rule set.
5880
6091
  #
5881
6092
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5882
- # are Amazon Web Services and Marketplace sellers.
6093
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5883
6094
  #
5884
6095
  # Vendors, you can use the managed rule set APIs to provide controlled
5885
6096
  # rollout of your versioned managed rule group offerings for your
@@ -5955,6 +6166,8 @@ module Aws::WAFV2
5955
6166
  # This is used only to indicate the web request component for WAF to
5956
6167
  # inspect, in the FieldToMatch specification.
5957
6168
  #
6169
+ # JSON specification: `"Method": \{\}`
6170
+ #
5958
6171
  # @api private
5959
6172
  #
5960
6173
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Method AWS API Documentation
@@ -5968,6 +6181,8 @@ module Aws::WAFV2
5968
6181
  # This is used in the context of other settings, for example to specify
5969
6182
  # values for RuleAction and web ACL DefaultAction.
5970
6183
  #
6184
+ # JSON specification: `"None": \{\}`
6185
+ #
5971
6186
  # @api private
5972
6187
  #
5973
6188
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/NoneAction AWS API Documentation
@@ -6232,6 +6447,42 @@ module Aws::WAFV2
6232
6447
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6233
6448
  # key: "LabelMatchKey", # required
6234
6449
  # },
6450
+ # regex_match_statement: {
6451
+ # regex_string: "RegexPatternString", # required
6452
+ # field_to_match: { # required
6453
+ # single_header: {
6454
+ # name: "FieldToMatchData", # required
6455
+ # },
6456
+ # single_query_argument: {
6457
+ # name: "FieldToMatchData", # required
6458
+ # },
6459
+ # all_query_arguments: {
6460
+ # },
6461
+ # uri_path: {
6462
+ # },
6463
+ # query_string: {
6464
+ # },
6465
+ # body: {
6466
+ # },
6467
+ # method: {
6468
+ # },
6469
+ # json_body: {
6470
+ # match_pattern: { # required
6471
+ # all: {
6472
+ # },
6473
+ # included_paths: ["JsonPointerPath"],
6474
+ # },
6475
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6476
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6477
+ # },
6478
+ # },
6479
+ # text_transformations: [ # required
6480
+ # {
6481
+ # priority: 1, # required
6482
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6483
+ # },
6484
+ # ],
6485
+ # },
6235
6486
  # },
6236
6487
  # }
6237
6488
  #
@@ -6503,6 +6754,42 @@ module Aws::WAFV2
6503
6754
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6504
6755
  # key: "LabelMatchKey", # required
6505
6756
  # },
6757
+ # regex_match_statement: {
6758
+ # regex_string: "RegexPatternString", # required
6759
+ # field_to_match: { # required
6760
+ # single_header: {
6761
+ # name: "FieldToMatchData", # required
6762
+ # },
6763
+ # single_query_argument: {
6764
+ # name: "FieldToMatchData", # required
6765
+ # },
6766
+ # all_query_arguments: {
6767
+ # },
6768
+ # uri_path: {
6769
+ # },
6770
+ # query_string: {
6771
+ # },
6772
+ # body: {
6773
+ # },
6774
+ # method: {
6775
+ # },
6776
+ # json_body: {
6777
+ # match_pattern: { # required
6778
+ # all: {
6779
+ # },
6780
+ # included_paths: ["JsonPointerPath"],
6781
+ # },
6782
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6783
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6784
+ # },
6785
+ # },
6786
+ # text_transformations: [ # required
6787
+ # {
6788
+ # priority: 1, # required
6789
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6790
+ # },
6791
+ # ],
6792
+ # },
6506
6793
  # },
6507
6794
  # ],
6508
6795
  # }
@@ -6812,6 +7099,8 @@ module Aws::WAFV2
6812
7099
  # This is used only to indicate the web request component for WAF to
6813
7100
  # inspect, in the FieldToMatch specification.
6814
7101
  #
7102
+ # JSON specification: `"QueryString": \{\}`
7103
+ #
6815
7104
  # @api private
6816
7105
  #
6817
7106
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/QueryString AWS API Documentation
@@ -6824,6 +7113,15 @@ module Aws::WAFV2
6824
7113
  # You can use this to put a temporary block on requests from an IP
6825
7114
  # address that is sending excessive requests.
6826
7115
  #
7116
+ # WAF tracks and manages web requests separately for each instance of a
7117
+ # rate-based rule that you use. For example, if you provide the same
7118
+ # rate-based rule settings in two web ACLs, each of the two rule
7119
+ # statements represents a separate instance of the rate-based rule and
7120
+ # gets its own tracking and management by WAF. If you define a
7121
+ # rate-based rule inside a rule group, and then use that rule group in
7122
+ # multiple places, each use creates a separate instance of the
7123
+ # rate-based rule that gets its own tracking and management by WAF.
7124
+ #
6827
7125
  # When the rule action triggers, WAF blocks additional requests from the
6828
7126
  # IP address until the request rate falls below the limit.
6829
7127
  #
@@ -6847,9 +7145,9 @@ module Aws::WAFV2
6847
7145
  # not meet both conditions are not counted towards the rate limit and
6848
7146
  # are not affected by this rule.
6849
7147
  #
6850
- # You cannot nest a `RateBasedStatement`, for example for use inside a
6851
- # `NotStatement` or `OrStatement`. It can only be referenced as a
6852
- # top-level statement within a rule.
7148
+ # You cannot nest a `RateBasedStatement` inside another statement, for
7149
+ # example inside a `NotStatement` or `OrStatement`. You can define a
7150
+ # `RateBasedStatement` inside a web ACL and inside a rule group.
6853
7151
  #
6854
7152
  # @note When making an API call, you may pass RateBasedStatement
6855
7153
  # data as a hash:
@@ -7108,7 +7406,43 @@ module Aws::WAFV2
7108
7406
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7109
7407
  # key: "LabelMatchKey", # required
7110
7408
  # },
7111
- # },
7409
+ # regex_match_statement: {
7410
+ # regex_string: "RegexPatternString", # required
7411
+ # field_to_match: { # required
7412
+ # single_header: {
7413
+ # name: "FieldToMatchData", # required
7414
+ # },
7415
+ # single_query_argument: {
7416
+ # name: "FieldToMatchData", # required
7417
+ # },
7418
+ # all_query_arguments: {
7419
+ # },
7420
+ # uri_path: {
7421
+ # },
7422
+ # query_string: {
7423
+ # },
7424
+ # body: {
7425
+ # },
7426
+ # method: {
7427
+ # },
7428
+ # json_body: {
7429
+ # match_pattern: { # required
7430
+ # all: {
7431
+ # },
7432
+ # included_paths: ["JsonPointerPath"],
7433
+ # },
7434
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7435
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7436
+ # },
7437
+ # },
7438
+ # text_transformations: [ # required
7439
+ # {
7440
+ # priority: 1, # required
7441
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7442
+ # },
7443
+ # ],
7444
+ # },
7445
+ # },
7112
7446
  # forwarded_ip_config: {
7113
7447
  # header_name: "ForwardedIPHeaderName", # required
7114
7448
  # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
@@ -7167,8 +7501,8 @@ module Aws::WAFV2
7167
7501
  include Aws::Structure
7168
7502
  end
7169
7503
 
7170
- # The set of IP addresses that are currently blocked for a rate-based
7171
- # statement.
7504
+ # The set of IP addresses that are currently blocked for a
7505
+ # RateBasedStatement.
7172
7506
  #
7173
7507
  # @!attribute [rw] ip_address_version
7174
7508
  # The version of the IP addresses, either `IPV4` or `IPV6`.
@@ -7208,6 +7542,77 @@ module Aws::WAFV2
7208
7542
  include Aws::Structure
7209
7543
  end
7210
7544
 
7545
+ # A rule statement used to search web request components for a match
7546
+ # against a single regular expression.
7547
+ #
7548
+ # @note When making an API call, you may pass RegexMatchStatement
7549
+ # data as a hash:
7550
+ #
7551
+ # {
7552
+ # regex_string: "RegexPatternString", # required
7553
+ # field_to_match: { # required
7554
+ # single_header: {
7555
+ # name: "FieldToMatchData", # required
7556
+ # },
7557
+ # single_query_argument: {
7558
+ # name: "FieldToMatchData", # required
7559
+ # },
7560
+ # all_query_arguments: {
7561
+ # },
7562
+ # uri_path: {
7563
+ # },
7564
+ # query_string: {
7565
+ # },
7566
+ # body: {
7567
+ # },
7568
+ # method: {
7569
+ # },
7570
+ # json_body: {
7571
+ # match_pattern: { # required
7572
+ # all: {
7573
+ # },
7574
+ # included_paths: ["JsonPointerPath"],
7575
+ # },
7576
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7577
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7578
+ # },
7579
+ # },
7580
+ # text_transformations: [ # required
7581
+ # {
7582
+ # priority: 1, # required
7583
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7584
+ # },
7585
+ # ],
7586
+ # }
7587
+ #
7588
+ # @!attribute [rw] regex_string
7589
+ # The string representing the regular expression.
7590
+ # @return [String]
7591
+ #
7592
+ # @!attribute [rw] field_to_match
7593
+ # The part of a web request that you want WAF to inspect. For more
7594
+ # information, see FieldToMatch.
7595
+ # @return [Types::FieldToMatch]
7596
+ #
7597
+ # @!attribute [rw] text_transformations
7598
+ # Text transformations eliminate some of the unusual formatting that
7599
+ # attackers use in web requests in an effort to bypass detection. If
7600
+ # you specify one or more transformations in a rule statement, WAF
7601
+ # performs all transformations on the content of the request component
7602
+ # identified by `FieldToMatch`, starting from the lowest priority
7603
+ # setting, before inspecting the content for a match.
7604
+ # @return [Array<Types::TextTransformation>]
7605
+ #
7606
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
7607
+ #
7608
+ class RegexMatchStatement < Struct.new(
7609
+ :regex_string,
7610
+ :field_to_match,
7611
+ :text_transformations)
7612
+ SENSITIVE = []
7613
+ include Aws::Structure
7614
+ end
7615
+
7211
7616
  # Contains one or more regular expressions.
7212
7617
  #
7213
7618
  # WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
@@ -7641,6 +8046,42 @@ module Aws::WAFV2
7641
8046
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7642
8047
  # key: "LabelMatchKey", # required
7643
8048
  # },
8049
+ # regex_match_statement: {
8050
+ # regex_string: "RegexPatternString", # required
8051
+ # field_to_match: { # required
8052
+ # single_header: {
8053
+ # name: "FieldToMatchData", # required
8054
+ # },
8055
+ # single_query_argument: {
8056
+ # name: "FieldToMatchData", # required
8057
+ # },
8058
+ # all_query_arguments: {
8059
+ # },
8060
+ # uri_path: {
8061
+ # },
8062
+ # query_string: {
8063
+ # },
8064
+ # body: {
8065
+ # },
8066
+ # method: {
8067
+ # },
8068
+ # json_body: {
8069
+ # match_pattern: { # required
8070
+ # all: {
8071
+ # },
8072
+ # included_paths: ["JsonPointerPath"],
8073
+ # },
8074
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
8075
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
8076
+ # },
8077
+ # },
8078
+ # text_transformations: [ # required
8079
+ # {
8080
+ # priority: 1, # required
8081
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
8082
+ # },
8083
+ # ],
8084
+ # },
7644
8085
  # },
7645
8086
  # action: {
7646
8087
  # block: {
@@ -7996,8 +8437,8 @@ module Aws::WAFV2
7996
8437
  # provide the ARN of the rule group in this statement.
7997
8438
  #
7998
8439
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
7999
- # inside a `NotStatement` or `OrStatement`. It can only be referenced as
8000
- # a top-level statement within a rule.
8440
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
8441
+ # group reference statement at the top level inside a web ACL.
8001
8442
  #
8002
8443
  # @note When making an API call, you may pass RuleGroupReferenceStatement
8003
8444
  # data as a hash:
@@ -8179,6 +8620,8 @@ module Aws::WAFV2
8179
8620
  # This is used only to indicate the web request component for WAF to
8180
8621
  # inspect, in the FieldToMatch specification.
8181
8622
  #
8623
+ # Example JSON: `"SingleHeader": \{ "Name": "haystack" \}`
8624
+ #
8182
8625
  # @note When making an API call, you may pass SingleHeader
8183
8626
  # data as a hash:
8184
8627
  #
@@ -8202,6 +8645,8 @@ module Aws::WAFV2
8202
8645
  # *UserName* or *SalesRegion*. The name can be up to 30 characters long
8203
8646
  # and isn't case sensitive.
8204
8647
  #
8648
+ # Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
8649
+ #
8205
8650
  # @note When making an API call, you may pass SingleQueryArgument
8206
8651
  # data as a hash:
8207
8652
  #
@@ -8837,6 +9282,42 @@ module Aws::WAFV2
8837
9282
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8838
9283
  # key: "LabelMatchKey", # required
8839
9284
  # },
9285
+ # regex_match_statement: {
9286
+ # regex_string: "RegexPatternString", # required
9287
+ # field_to_match: { # required
9288
+ # single_header: {
9289
+ # name: "FieldToMatchData", # required
9290
+ # },
9291
+ # single_query_argument: {
9292
+ # name: "FieldToMatchData", # required
9293
+ # },
9294
+ # all_query_arguments: {
9295
+ # },
9296
+ # uri_path: {
9297
+ # },
9298
+ # query_string: {
9299
+ # },
9300
+ # body: {
9301
+ # },
9302
+ # method: {
9303
+ # },
9304
+ # json_body: {
9305
+ # match_pattern: { # required
9306
+ # all: {
9307
+ # },
9308
+ # included_paths: ["JsonPointerPath"],
9309
+ # },
9310
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9311
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9312
+ # },
9313
+ # },
9314
+ # text_transformations: [ # required
9315
+ # {
9316
+ # priority: 1, # required
9317
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9318
+ # },
9319
+ # ],
9320
+ # },
8840
9321
  # },
8841
9322
  # forwarded_ip_config: {
8842
9323
  # header_name: "ForwardedIPHeaderName", # required
@@ -9090,6 +9571,42 @@ module Aws::WAFV2
9090
9571
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9091
9572
  # key: "LabelMatchKey", # required
9092
9573
  # },
9574
+ # regex_match_statement: {
9575
+ # regex_string: "RegexPatternString", # required
9576
+ # field_to_match: { # required
9577
+ # single_header: {
9578
+ # name: "FieldToMatchData", # required
9579
+ # },
9580
+ # single_query_argument: {
9581
+ # name: "FieldToMatchData", # required
9582
+ # },
9583
+ # all_query_arguments: {
9584
+ # },
9585
+ # uri_path: {
9586
+ # },
9587
+ # query_string: {
9588
+ # },
9589
+ # body: {
9590
+ # },
9591
+ # method: {
9592
+ # },
9593
+ # json_body: {
9594
+ # match_pattern: { # required
9595
+ # all: {
9596
+ # },
9597
+ # included_paths: ["JsonPointerPath"],
9598
+ # },
9599
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9600
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9601
+ # },
9602
+ # },
9603
+ # text_transformations: [ # required
9604
+ # {
9605
+ # priority: 1, # required
9606
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9607
+ # },
9608
+ # ],
9609
+ # },
9093
9610
  # },
9094
9611
  # ],
9095
9612
  # },
@@ -9340,6 +9857,42 @@ module Aws::WAFV2
9340
9857
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9341
9858
  # key: "LabelMatchKey", # required
9342
9859
  # },
9860
+ # regex_match_statement: {
9861
+ # regex_string: "RegexPatternString", # required
9862
+ # field_to_match: { # required
9863
+ # single_header: {
9864
+ # name: "FieldToMatchData", # required
9865
+ # },
9866
+ # single_query_argument: {
9867
+ # name: "FieldToMatchData", # required
9868
+ # },
9869
+ # all_query_arguments: {
9870
+ # },
9871
+ # uri_path: {
9872
+ # },
9873
+ # query_string: {
9874
+ # },
9875
+ # body: {
9876
+ # },
9877
+ # method: {
9878
+ # },
9879
+ # json_body: {
9880
+ # match_pattern: { # required
9881
+ # all: {
9882
+ # },
9883
+ # included_paths: ["JsonPointerPath"],
9884
+ # },
9885
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9886
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9887
+ # },
9888
+ # },
9889
+ # text_transformations: [ # required
9890
+ # {
9891
+ # priority: 1, # required
9892
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9893
+ # },
9894
+ # ],
9895
+ # },
9343
9896
  # },
9344
9897
  # ],
9345
9898
  # },
@@ -9593,6 +10146,42 @@ module Aws::WAFV2
9593
10146
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9594
10147
  # key: "LabelMatchKey", # required
9595
10148
  # },
10149
+ # regex_match_statement: {
10150
+ # regex_string: "RegexPatternString", # required
10151
+ # field_to_match: { # required
10152
+ # single_header: {
10153
+ # name: "FieldToMatchData", # required
10154
+ # },
10155
+ # single_query_argument: {
10156
+ # name: "FieldToMatchData", # required
10157
+ # },
10158
+ # all_query_arguments: {
10159
+ # },
10160
+ # uri_path: {
10161
+ # },
10162
+ # query_string: {
10163
+ # },
10164
+ # body: {
10165
+ # },
10166
+ # method: {
10167
+ # },
10168
+ # json_body: {
10169
+ # match_pattern: { # required
10170
+ # all: {
10171
+ # },
10172
+ # included_paths: ["JsonPointerPath"],
10173
+ # },
10174
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10175
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10176
+ # },
10177
+ # },
10178
+ # text_transformations: [ # required
10179
+ # {
10180
+ # priority: 1, # required
10181
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10182
+ # },
10183
+ # ],
10184
+ # },
9596
10185
  # },
9597
10186
  # },
9598
10187
  # managed_rule_group_statement: {
@@ -9845,12 +10434,84 @@ module Aws::WAFV2
9845
10434
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9846
10435
  # key: "LabelMatchKey", # required
9847
10436
  # },
10437
+ # regex_match_statement: {
10438
+ # regex_string: "RegexPatternString", # required
10439
+ # field_to_match: { # required
10440
+ # single_header: {
10441
+ # name: "FieldToMatchData", # required
10442
+ # },
10443
+ # single_query_argument: {
10444
+ # name: "FieldToMatchData", # required
10445
+ # },
10446
+ # all_query_arguments: {
10447
+ # },
10448
+ # uri_path: {
10449
+ # },
10450
+ # query_string: {
10451
+ # },
10452
+ # body: {
10453
+ # },
10454
+ # method: {
10455
+ # },
10456
+ # json_body: {
10457
+ # match_pattern: { # required
10458
+ # all: {
10459
+ # },
10460
+ # included_paths: ["JsonPointerPath"],
10461
+ # },
10462
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10463
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10464
+ # },
10465
+ # },
10466
+ # text_transformations: [ # required
10467
+ # {
10468
+ # priority: 1, # required
10469
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10470
+ # },
10471
+ # ],
10472
+ # },
9848
10473
  # },
9849
10474
  # },
9850
10475
  # label_match_statement: {
9851
10476
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9852
10477
  # key: "LabelMatchKey", # required
9853
10478
  # },
10479
+ # regex_match_statement: {
10480
+ # regex_string: "RegexPatternString", # required
10481
+ # field_to_match: { # required
10482
+ # single_header: {
10483
+ # name: "FieldToMatchData", # required
10484
+ # },
10485
+ # single_query_argument: {
10486
+ # name: "FieldToMatchData", # required
10487
+ # },
10488
+ # all_query_arguments: {
10489
+ # },
10490
+ # uri_path: {
10491
+ # },
10492
+ # query_string: {
10493
+ # },
10494
+ # body: {
10495
+ # },
10496
+ # method: {
10497
+ # },
10498
+ # json_body: {
10499
+ # match_pattern: { # required
10500
+ # all: {
10501
+ # },
10502
+ # included_paths: ["JsonPointerPath"],
10503
+ # },
10504
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10505
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10506
+ # },
10507
+ # },
10508
+ # text_transformations: [ # required
10509
+ # {
10510
+ # priority: 1, # required
10511
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10512
+ # },
10513
+ # ],
10514
+ # },
9854
10515
  # }
9855
10516
  #
9856
10517
  # @!attribute [rw] byte_match_statement
@@ -9913,8 +10574,8 @@ module Aws::WAFV2
9913
10574
  # provide the ARN of the rule group in this statement.
9914
10575
  #
9915
10576
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
9916
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
9917
- # as a top-level statement within a rule.
10577
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
10578
+ # group reference statement at the top level inside a web ACL.
9918
10579
  # @return [Types::RuleGroupReferenceStatement]
9919
10580
  #
9920
10581
  # @!attribute [rw] ip_set_reference_statement
@@ -9952,6 +10613,15 @@ module Aws::WAFV2
9952
10613
  # time span. You can use this to put a temporary block on requests
9953
10614
  # from an IP address that is sending excessive requests.
9954
10615
  #
10616
+ # WAF tracks and manages web requests separately for each instance of
10617
+ # a rate-based rule that you use. For example, if you provide the same
10618
+ # rate-based rule settings in two web ACLs, each of the two rule
10619
+ # statements represents a separate instance of the rate-based rule and
10620
+ # gets its own tracking and management by WAF. If you define a
10621
+ # rate-based rule inside a rule group, and then use that rule group in
10622
+ # multiple places, each use creates a separate instance of the
10623
+ # rate-based rule that gets its own tracking and management by WAF.
10624
+ #
9955
10625
  # When the rule action triggers, WAF blocks additional requests from
9956
10626
  # the IP address until the request rate falls below the limit.
9957
10627
  #
@@ -9975,9 +10645,9 @@ module Aws::WAFV2
9975
10645
  # do not meet both conditions are not counted towards the rate limit
9976
10646
  # and are not affected by this rule.
9977
10647
  #
9978
- # You cannot nest a `RateBasedStatement`, for example for use inside a
9979
- # `NotStatement` or `OrStatement`. It can only be referenced as a
9980
- # top-level statement within a rule.
10648
+ # You cannot nest a `RateBasedStatement` inside another statement, for
10649
+ # example inside a `NotStatement` or `OrStatement`. You can define a
10650
+ # `RateBasedStatement` inside a web ACL and inside a rule group.
9981
10651
  # @return [Types::RateBasedStatement]
9982
10652
  #
9983
10653
  # @!attribute [rw] and_statement
@@ -10023,6 +10693,11 @@ module Aws::WAFV2
10023
10693
  # that were added in the same context as the label match statement.
10024
10694
  # @return [Types::LabelMatchStatement]
10025
10695
  #
10696
+ # @!attribute [rw] regex_match_statement
10697
+ # A rule statement used to search web request components for a match
10698
+ # against a single regular expression.
10699
+ # @return [Types::RegexMatchStatement]
10700
+ #
10026
10701
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
10027
10702
  #
10028
10703
  class Statement < Struct.new(
@@ -10039,7 +10714,8 @@ module Aws::WAFV2
10039
10714
  :or_statement,
10040
10715
  :not_statement,
10041
10716
  :managed_rule_group_statement,
10042
- :label_match_statement)
10717
+ :label_match_statement,
10718
+ :regex_match_statement)
10043
10719
  SENSITIVE = []
10044
10720
  include Aws::Structure
10045
10721
  end
@@ -10965,6 +11641,42 @@ module Aws::WAFV2
10965
11641
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
10966
11642
  # key: "LabelMatchKey", # required
10967
11643
  # },
11644
+ # regex_match_statement: {
11645
+ # regex_string: "RegexPatternString", # required
11646
+ # field_to_match: { # required
11647
+ # single_header: {
11648
+ # name: "FieldToMatchData", # required
11649
+ # },
11650
+ # single_query_argument: {
11651
+ # name: "FieldToMatchData", # required
11652
+ # },
11653
+ # all_query_arguments: {
11654
+ # },
11655
+ # uri_path: {
11656
+ # },
11657
+ # query_string: {
11658
+ # },
11659
+ # body: {
11660
+ # },
11661
+ # method: {
11662
+ # },
11663
+ # json_body: {
11664
+ # match_pattern: { # required
11665
+ # all: {
11666
+ # },
11667
+ # included_paths: ["JsonPointerPath"],
11668
+ # },
11669
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
11670
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
11671
+ # },
11672
+ # },
11673
+ # text_transformations: [ # required
11674
+ # {
11675
+ # priority: 1, # required
11676
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
11677
+ # },
11678
+ # ],
11679
+ # },
10968
11680
  # },
10969
11681
  # action: {
10970
11682
  # block: {
@@ -11431,6 +12143,42 @@ module Aws::WAFV2
11431
12143
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
11432
12144
  # key: "LabelMatchKey", # required
11433
12145
  # },
12146
+ # regex_match_statement: {
12147
+ # regex_string: "RegexPatternString", # required
12148
+ # field_to_match: { # required
12149
+ # single_header: {
12150
+ # name: "FieldToMatchData", # required
12151
+ # },
12152
+ # single_query_argument: {
12153
+ # name: "FieldToMatchData", # required
12154
+ # },
12155
+ # all_query_arguments: {
12156
+ # },
12157
+ # uri_path: {
12158
+ # },
12159
+ # query_string: {
12160
+ # },
12161
+ # body: {
12162
+ # },
12163
+ # method: {
12164
+ # },
12165
+ # json_body: {
12166
+ # match_pattern: { # required
12167
+ # all: {
12168
+ # },
12169
+ # included_paths: ["JsonPointerPath"],
12170
+ # },
12171
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
12172
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
12173
+ # },
12174
+ # },
12175
+ # text_transformations: [ # required
12176
+ # {
12177
+ # priority: 1, # required
12178
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
12179
+ # },
12180
+ # ],
12181
+ # },
11434
12182
  # },
11435
12183
  # action: {
11436
12184
  # block: {
@@ -11623,6 +12371,8 @@ module Aws::WAFV2
11623
12371
  # This is used only to indicate the web request component for WAF to
11624
12372
  # inspect, in the FieldToMatch specification.
11625
12373
  #
12374
+ # JSON specification: `"UriPath": \{\}`
12375
+ #
11626
12376
  # @api private
11627
12377
  #
11628
12378
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UriPath AWS API Documentation
@@ -11633,7 +12383,7 @@ module Aws::WAFV2
11633
12383
  # vendor publishes for use by customers.
11634
12384
  #
11635
12385
  # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
11636
- # are Amazon Web Services and Marketplace sellers.
12386
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
11637
12387
  #
11638
12388
  # Vendors, you can use the managed rule set APIs to provide controlled
11639
12389
  # rollout of your versioned managed rule group offerings for your