aws-sdk-wafv2 1.26.0 → 1.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-wafv2/client.rb +381 -7
  5. data/lib/aws-sdk-wafv2/client_api.rb +36 -1
  6. data/lib/aws-sdk-wafv2/types.rb +1096 -107
  7. data/lib/aws-sdk-wafv2.rb +1 -1
  8. metadata +4 -4
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -16,7 +16,7 @@ module Aws::WAFV2
16
16
  # data as a hash:
17
17
  #
18
18
  # {
19
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
19
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
20
20
  # }
21
21
  #
22
22
  # @!attribute [rw] action
@@ -357,6 +357,42 @@ module Aws::WAFV2
357
357
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
358
358
  # key: "LabelMatchKey", # required
359
359
  # },
360
+ # regex_match_statement: {
361
+ # regex_string: "RegexPatternString", # required
362
+ # field_to_match: { # required
363
+ # single_header: {
364
+ # name: "FieldToMatchData", # required
365
+ # },
366
+ # single_query_argument: {
367
+ # name: "FieldToMatchData", # required
368
+ # },
369
+ # all_query_arguments: {
370
+ # },
371
+ # uri_path: {
372
+ # },
373
+ # query_string: {
374
+ # },
375
+ # body: {
376
+ # },
377
+ # method: {
378
+ # },
379
+ # json_body: {
380
+ # match_pattern: { # required
381
+ # all: {
382
+ # },
383
+ # included_paths: ["JsonPointerPath"],
384
+ # },
385
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
386
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
387
+ # },
388
+ # },
389
+ # text_transformations: [ # required
390
+ # {
391
+ # priority: 1, # required
392
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
393
+ # },
394
+ # ],
395
+ # },
360
396
  # },
361
397
  # ],
362
398
  # }
@@ -624,6 +660,125 @@ module Aws::WAFV2
624
660
  include Aws::Structure
625
661
  end
626
662
 
663
+ # Specifies that WAF should run a `CAPTCHA` check against the request:
664
+ #
665
+ # * If the request includes a valid, unexpired `CAPTCHA` token, WAF
666
+ # allows the web request inspection to proceed to the next rule,
667
+ # similar to a `CountAction`.
668
+ #
669
+ # * If the request doesn't include a valid, unexpired `CAPTCHA` token,
670
+ # WAF discontinues the web ACL evaluation of the request and blocks it
671
+ # from going to its intended destination.
672
+ #
673
+ # WAF generates a response that it sends back to the client, which
674
+ # includes the following:
675
+ #
676
+ # * The header `x-amzn-waf-action` with a value of `captcha`.
677
+ #
678
+ # * The HTTP status code `405 Method Not Allowed`.
679
+ #
680
+ # * If the request contains an `Accept` header with a value of
681
+ # `text/html`, the response includes a `CAPTCHA` challenge.
682
+ #
683
+ # You can configure the expiration time in the `CaptchaConfig`
684
+ # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
685
+ # setting overrides the web ACL setting.
686
+ #
687
+ # This action option is available for rules. It isn't available for web
688
+ # ACL default actions.
689
+ #
690
+ # This is used in the context of other settings, for example to specify
691
+ # values for RuleAction and web ACL DefaultAction.
692
+ #
693
+ # @note When making an API call, you may pass CaptchaAction
694
+ # data as a hash:
695
+ #
696
+ # {
697
+ # custom_request_handling: {
698
+ # insert_headers: [ # required
699
+ # {
700
+ # name: "CustomHTTPHeaderName", # required
701
+ # value: "CustomHTTPHeaderValue", # required
702
+ # },
703
+ # ],
704
+ # },
705
+ # }
706
+ #
707
+ # @!attribute [rw] custom_request_handling
708
+ # Defines custom handling for the web request.
709
+ #
710
+ # For information about customizing web requests and responses, see
711
+ # [Customizing web requests and responses in WAF][1] in the [WAF
712
+ # Developer Guide][2].
713
+ #
714
+ #
715
+ #
716
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
717
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
718
+ # @return [Types::CustomRequestHandling]
719
+ #
720
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
721
+ #
722
+ class CaptchaAction < Struct.new(
723
+ :custom_request_handling)
724
+ SENSITIVE = []
725
+ include Aws::Structure
726
+ end
727
+
728
+ # Specifies how WAF should handle `CAPTCHA` evaluations. This is
729
+ # available at the web ACL level and in each rule.
730
+ #
731
+ # @note When making an API call, you may pass CaptchaConfig
732
+ # data as a hash:
733
+ #
734
+ # {
735
+ # immunity_time_property: {
736
+ # immunity_time: 1, # required
737
+ # },
738
+ # }
739
+ #
740
+ # @!attribute [rw] immunity_time_property
741
+ # Determines how long a `CAPTCHA` token remains valid after the client
742
+ # successfully solves a `CAPTCHA` puzzle.
743
+ # @return [Types::ImmunityTimeProperty]
744
+ #
745
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation
746
+ #
747
+ class CaptchaConfig < Struct.new(
748
+ :immunity_time_property)
749
+ SENSITIVE = []
750
+ include Aws::Structure
751
+ end
752
+
753
+ # The result from the inspection of the web request for a valid
754
+ # `CAPTCHA` token.
755
+ #
756
+ # @!attribute [rw] response_code
757
+ # The HTTP response code indicating the status of the `CAPTCHA` token
758
+ # in the web request. If the token is missing, invalid, or expired,
759
+ # this code is `405 Method Not Allowed`.
760
+ # @return [Integer]
761
+ #
762
+ # @!attribute [rw] solve_timestamp
763
+ # The time that the `CAPTCHA` puzzle was solved for the supplied
764
+ # token.
765
+ # @return [Integer]
766
+ #
767
+ # @!attribute [rw] failure_reason
768
+ # The reason for failure, populated when the evaluation of the token
769
+ # fails.
770
+ # @return [String]
771
+ #
772
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaResponse AWS API Documentation
773
+ #
774
+ class CaptchaResponse < Struct.new(
775
+ :response_code,
776
+ :solve_timestamp,
777
+ :failure_reason)
778
+ SENSITIVE = []
779
+ include Aws::Structure
780
+ end
781
+
627
782
  # @note When making an API call, you may pass CheckCapacityRequest
628
783
  # data as a hash:
629
784
  #
@@ -884,6 +1039,42 @@ module Aws::WAFV2
884
1039
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
885
1040
  # key: "LabelMatchKey", # required
886
1041
  # },
1042
+ # regex_match_statement: {
1043
+ # regex_string: "RegexPatternString", # required
1044
+ # field_to_match: { # required
1045
+ # single_header: {
1046
+ # name: "FieldToMatchData", # required
1047
+ # },
1048
+ # single_query_argument: {
1049
+ # name: "FieldToMatchData", # required
1050
+ # },
1051
+ # all_query_arguments: {
1052
+ # },
1053
+ # uri_path: {
1054
+ # },
1055
+ # query_string: {
1056
+ # },
1057
+ # body: {
1058
+ # },
1059
+ # method: {
1060
+ # },
1061
+ # json_body: {
1062
+ # match_pattern: { # required
1063
+ # all: {
1064
+ # },
1065
+ # included_paths: ["JsonPointerPath"],
1066
+ # },
1067
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1068
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1069
+ # },
1070
+ # },
1071
+ # text_transformations: [ # required
1072
+ # {
1073
+ # priority: 1, # required
1074
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1075
+ # },
1076
+ # ],
1077
+ # },
887
1078
  # },
888
1079
  # action: {
889
1080
  # block: {
@@ -918,6 +1109,16 @@ module Aws::WAFV2
918
1109
  # ],
919
1110
  # },
920
1111
  # },
1112
+ # captcha: {
1113
+ # custom_request_handling: {
1114
+ # insert_headers: [ # required
1115
+ # {
1116
+ # name: "CustomHTTPHeaderName", # required
1117
+ # value: "CustomHTTPHeaderValue", # required
1118
+ # },
1119
+ # ],
1120
+ # },
1121
+ # },
921
1122
  # },
922
1123
  # override_action: {
923
1124
  # count: {
@@ -943,6 +1144,11 @@ module Aws::WAFV2
943
1144
  # cloud_watch_metrics_enabled: false, # required
944
1145
  # metric_name: "MetricName", # required
945
1146
  # },
1147
+ # captcha_config: {
1148
+ # immunity_time_property: {
1149
+ # immunity_time: 1, # required
1150
+ # },
1151
+ # },
946
1152
  # },
947
1153
  # ],
948
1154
  # }
@@ -995,7 +1201,7 @@ module Aws::WAFV2
995
1201
  #
996
1202
  # {
997
1203
  # action_condition: {
998
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
1204
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
999
1205
  # },
1000
1206
  # label_name_condition: {
1001
1207
  # label_name: "LabelName", # required
@@ -1514,6 +1720,42 @@ module Aws::WAFV2
1514
1720
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1515
1721
  # key: "LabelMatchKey", # required
1516
1722
  # },
1723
+ # regex_match_statement: {
1724
+ # regex_string: "RegexPatternString", # required
1725
+ # field_to_match: { # required
1726
+ # single_header: {
1727
+ # name: "FieldToMatchData", # required
1728
+ # },
1729
+ # single_query_argument: {
1730
+ # name: "FieldToMatchData", # required
1731
+ # },
1732
+ # all_query_arguments: {
1733
+ # },
1734
+ # uri_path: {
1735
+ # },
1736
+ # query_string: {
1737
+ # },
1738
+ # body: {
1739
+ # },
1740
+ # method: {
1741
+ # },
1742
+ # json_body: {
1743
+ # match_pattern: { # required
1744
+ # all: {
1745
+ # },
1746
+ # included_paths: ["JsonPointerPath"],
1747
+ # },
1748
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1749
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1750
+ # },
1751
+ # },
1752
+ # text_transformations: [ # required
1753
+ # {
1754
+ # priority: 1, # required
1755
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1756
+ # },
1757
+ # ],
1758
+ # },
1517
1759
  # },
1518
1760
  # action: {
1519
1761
  # block: {
@@ -1548,6 +1790,16 @@ module Aws::WAFV2
1548
1790
  # ],
1549
1791
  # },
1550
1792
  # },
1793
+ # captcha: {
1794
+ # custom_request_handling: {
1795
+ # insert_headers: [ # required
1796
+ # {
1797
+ # name: "CustomHTTPHeaderName", # required
1798
+ # value: "CustomHTTPHeaderValue", # required
1799
+ # },
1800
+ # ],
1801
+ # },
1802
+ # },
1551
1803
  # },
1552
1804
  # override_action: {
1553
1805
  # count: {
@@ -1573,6 +1825,11 @@ module Aws::WAFV2
1573
1825
  # cloud_watch_metrics_enabled: false, # required
1574
1826
  # metric_name: "MetricName", # required
1575
1827
  # },
1828
+ # captcha_config: {
1829
+ # immunity_time_property: {
1830
+ # immunity_time: 1, # required
1831
+ # },
1832
+ # },
1576
1833
  # },
1577
1834
  # ],
1578
1835
  # visibility_config: { # required
@@ -1990,6 +2247,42 @@ module Aws::WAFV2
1990
2247
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1991
2248
  # key: "LabelMatchKey", # required
1992
2249
  # },
2250
+ # regex_match_statement: {
2251
+ # regex_string: "RegexPatternString", # required
2252
+ # field_to_match: { # required
2253
+ # single_header: {
2254
+ # name: "FieldToMatchData", # required
2255
+ # },
2256
+ # single_query_argument: {
2257
+ # name: "FieldToMatchData", # required
2258
+ # },
2259
+ # all_query_arguments: {
2260
+ # },
2261
+ # uri_path: {
2262
+ # },
2263
+ # query_string: {
2264
+ # },
2265
+ # body: {
2266
+ # },
2267
+ # method: {
2268
+ # },
2269
+ # json_body: {
2270
+ # match_pattern: { # required
2271
+ # all: {
2272
+ # },
2273
+ # included_paths: ["JsonPointerPath"],
2274
+ # },
2275
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
2276
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
2277
+ # },
2278
+ # },
2279
+ # text_transformations: [ # required
2280
+ # {
2281
+ # priority: 1, # required
2282
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
2283
+ # },
2284
+ # ],
2285
+ # },
1993
2286
  # },
1994
2287
  # action: {
1995
2288
  # block: {
@@ -2024,6 +2317,16 @@ module Aws::WAFV2
2024
2317
  # ],
2025
2318
  # },
2026
2319
  # },
2320
+ # captcha: {
2321
+ # custom_request_handling: {
2322
+ # insert_headers: [ # required
2323
+ # {
2324
+ # name: "CustomHTTPHeaderName", # required
2325
+ # value: "CustomHTTPHeaderValue", # required
2326
+ # },
2327
+ # ],
2328
+ # },
2329
+ # },
2027
2330
  # },
2028
2331
  # override_action: {
2029
2332
  # count: {
@@ -2049,6 +2352,11 @@ module Aws::WAFV2
2049
2352
  # cloud_watch_metrics_enabled: false, # required
2050
2353
  # metric_name: "MetricName", # required
2051
2354
  # },
2355
+ # captcha_config: {
2356
+ # immunity_time_property: {
2357
+ # immunity_time: 1, # required
2358
+ # },
2359
+ # },
2052
2360
  # },
2053
2361
  # ],
2054
2362
  # visibility_config: { # required
@@ -2068,6 +2376,11 @@ module Aws::WAFV2
2068
2376
  # content: "ResponseContent", # required
2069
2377
  # },
2070
2378
  # },
2379
+ # captcha_config: {
2380
+ # immunity_time_property: {
2381
+ # immunity_time: 1, # required
2382
+ # },
2383
+ # },
2071
2384
  # }
2072
2385
  #
2073
2386
  # @!attribute [rw] name
@@ -2136,6 +2449,12 @@ module Aws::WAFV2
2136
2449
  # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
2137
2450
  # @return [Hash<String,Types::CustomResponseBody>]
2138
2451
  #
2452
+ # @!attribute [rw] captcha_config
2453
+ # Specifies how WAF should handle `CAPTCHA` evaluations for rules that
2454
+ # don't have their own `CaptchaConfig` settings. If you don't
2455
+ # specify this, WAF uses its default settings for `CaptchaConfig`.
2456
+ # @return [Types::CaptchaConfig]
2457
+ #
2139
2458
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
2140
2459
  #
2141
2460
  class CreateWebACLRequest < Struct.new(
@@ -2146,7 +2465,8 @@ module Aws::WAFV2
2146
2465
  :rules,
2147
2466
  :visibility_config,
2148
2467
  :tags,
2149
- :custom_response_bodies)
2468
+ :custom_response_bodies,
2469
+ :captcha_config)
2150
2470
  SENSITIVE = []
2151
2471
  include Aws::Structure
2152
2472
  end
@@ -2929,10 +3249,11 @@ module Aws::WAFV2
2929
3249
  #
2930
3250
  class DisassociateWebACLResponse < Aws::EmptyStructure; end
2931
3251
 
2932
- # Specifies a single rule to exclude from the rule group. Excluding a
2933
- # rule overrides its action setting for the rule group in the web ACL,
2934
- # setting it to `COUNT`. This effectively excludes the rule from acting
2935
- # on web requests.
3252
+ # Specifies a single rule in a rule group whose action you want to
3253
+ # override to `Count`. When you exclude a rule, WAF evaluates it exactly
3254
+ # as it would if the rule action setting were `Count`. This is a useful
3255
+ # option for testing the rules in a rule group without modifying how
3256
+ # they handle your web traffic.
2936
3257
  #
2937
3258
  # @note When making an API call, you may pass ExcludedRule
2938
3259
  # data as a hash:
@@ -2942,7 +3263,7 @@ module Aws::WAFV2
2942
3263
  # }
2943
3264
  #
2944
3265
  # @!attribute [rw] name
2945
- # The name of the rule to exclude.
3266
+ # The name of the rule whose action you want to override to `Count`.
2946
3267
  # @return [String]
2947
3268
  #
2948
3269
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ExcludedRule AWS API Documentation
@@ -3097,7 +3418,7 @@ module Aws::WAFV2
3097
3418
  # conditions: [ # required
3098
3419
  # {
3099
3420
  # action_condition: {
3100
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
3421
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
3101
3422
  # },
3102
3423
  # label_name_condition: {
3103
3424
  # label_name: "LabelName", # required
@@ -3153,22 +3474,21 @@ module Aws::WAFV2
3153
3474
  # @return [Types::FirewallManagerStatement]
3154
3475
  #
3155
3476
  # @!attribute [rw] override_action
3156
- # The override action to apply to the rules in a rule group. Used only
3157
- # for rule statements that reference a rule group, like
3158
- # `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
3477
+ # The action to use in the place of the action that results from the
3478
+ # rule group evaluation. Set the override action to none to leave the
3479
+ # result of the rule group alone. Set it to count to override the
3480
+ # result to count only.
3159
3481
  #
3160
- # Set the override action to none to leave the rule actions in effect.
3161
- # Set it to count to only count matches, regardless of the rule action
3162
- # settings.
3482
+ # You can only use this for rule statements that reference a rule
3483
+ # group, like `RuleGroupReferenceStatement` and
3484
+ # `ManagedRuleGroupStatement`.
3163
3485
  #
3164
- # In a Rule, you must specify either this `OverrideAction` setting or
3165
- # the rule `Action` setting, but not both:
3486
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
3487
+ # in the rule group are evaluated. If you want the rules in the rule
3488
+ # group to only count matches, do not use this and instead exclude
3489
+ # those rules in your rule group reference statement settings.
3166
3490
  #
3167
- # * If the rule statement references a rule group, use this override
3168
- # action setting and not the action setting.
3169
- #
3170
- # * If the rule statement does not reference a rule group, use the
3171
- # rule action setting and not this rule override action setting.
3491
+ # </note>
3172
3492
  # @return [Types::OverrideAction]
3173
3493
  #
3174
3494
  # @!attribute [rw] visibility_config
@@ -4299,14 +4619,37 @@ module Aws::WAFV2
4299
4619
  include Aws::Structure
4300
4620
  end
4301
4621
 
4302
- # The body of a web request, inspected as JSON. The body immediately
4303
- # follows the request headers. This is used in the FieldToMatch
4304
- # specification.
4622
+ # Determines how long a `CAPTCHA` token remains valid after the client
4623
+ # successfully solves a `CAPTCHA` puzzle.
4305
4624
  #
4306
- # Use the specifications in this object to indicate which parts of the
4307
- # JSON body to inspect using the rule's inspection criteria. WAF
4308
- # inspects only the parts of the JSON that result from the matches that
4309
- # you indicate.
4625
+ # @note When making an API call, you may pass ImmunityTimeProperty
4626
+ # data as a hash:
4627
+ #
4628
+ # {
4629
+ # immunity_time: 1, # required
4630
+ # }
4631
+ #
4632
+ # @!attribute [rw] immunity_time
4633
+ # The amount of time, in seconds, that a `CAPTCHA` token is valid. The
4634
+ # default setting is 300.
4635
+ # @return [Integer]
4636
+ #
4637
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ImmunityTimeProperty AWS API Documentation
4638
+ #
4639
+ class ImmunityTimeProperty < Struct.new(
4640
+ :immunity_time)
4641
+ SENSITIVE = []
4642
+ include Aws::Structure
4643
+ end
4644
+
4645
+ # The body of a web request, inspected as JSON. The body immediately
4646
+ # follows the request headers. This is used in the FieldToMatch
4647
+ # specification.
4648
+ #
4649
+ # Use the specifications in this object to indicate which parts of the
4650
+ # JSON body to inspect using the rule's inspection criteria. WAF
4651
+ # inspects only the parts of the JSON that result from the matches that
4652
+ # you indicate.
4310
4653
  #
4311
4654
  # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
4312
4655
  # "MatchScope": "ALL" \}`
@@ -4779,7 +5122,7 @@ module Aws::WAFV2
4779
5122
  # data as a hash:
4780
5123
  #
4781
5124
  # {
4782
- # scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
5125
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
4783
5126
  # next_marker: "NextMarker",
4784
5127
  # limit: 1,
4785
5128
  # }
@@ -5270,7 +5613,7 @@ module Aws::WAFV2
5270
5613
  # conditions: [ # required
5271
5614
  # {
5272
5615
  # action_condition: {
5273
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
5616
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
5274
5617
  # },
5275
5618
  # label_name_condition: {
5276
5619
  # label_name: "LabelName", # required
@@ -5346,7 +5689,7 @@ module Aws::WAFV2
5346
5689
  # conditions: [ # required
5347
5690
  # {
5348
5691
  # action_condition: {
5349
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
5692
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
5350
5693
  # },
5351
5694
  # label_name_condition: {
5352
5695
  # label_name: "LabelName", # required
@@ -5648,6 +5991,42 @@ module Aws::WAFV2
5648
5991
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5649
5992
  # key: "LabelMatchKey", # required
5650
5993
  # },
5994
+ # regex_match_statement: {
5995
+ # regex_string: "RegexPatternString", # required
5996
+ # field_to_match: { # required
5997
+ # single_header: {
5998
+ # name: "FieldToMatchData", # required
5999
+ # },
6000
+ # single_query_argument: {
6001
+ # name: "FieldToMatchData", # required
6002
+ # },
6003
+ # all_query_arguments: {
6004
+ # },
6005
+ # uri_path: {
6006
+ # },
6007
+ # query_string: {
6008
+ # },
6009
+ # body: {
6010
+ # },
6011
+ # method: {
6012
+ # },
6013
+ # json_body: {
6014
+ # match_pattern: { # required
6015
+ # all: {
6016
+ # },
6017
+ # included_paths: ["JsonPointerPath"],
6018
+ # },
6019
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6020
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6021
+ # },
6022
+ # },
6023
+ # text_transformations: [ # required
6024
+ # {
6025
+ # priority: 1, # required
6026
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6027
+ # },
6028
+ # ],
6029
+ # },
5651
6030
  # },
5652
6031
  # }
5653
6032
  #
@@ -5670,9 +6049,11 @@ module Aws::WAFV2
5670
6049
  # @return [String]
5671
6050
  #
5672
6051
  # @!attribute [rw] excluded_rules
5673
- # The rules whose actions are set to `COUNT` by the web ACL,
5674
- # regardless of the action that is set on the rule. This effectively
5675
- # excludes the rule from acting on web requests.
6052
+ # The rules in the referenced rule group whose actions are set to
6053
+ # `Count`. When you exclude a rule, WAF evaluates it exactly as it
6054
+ # would if the rule action setting were `Count`. This is a useful
6055
+ # option for testing the rules in a rule group without modifying how
6056
+ # they handle your web traffic.
5676
6057
  # @return [Array<Types::ExcludedRule>]
5677
6058
  #
5678
6059
  # @!attribute [rw] scope_down_statement
@@ -5994,9 +6375,9 @@ module Aws::WAFV2
5994
6375
  #
5995
6376
  class Method < Aws::EmptyStructure; end
5996
6377
 
5997
- # Specifies that WAF should do nothing. This is generally used to try
5998
- # out a rule without performing any actions. You set the
5999
- # `OverrideAction` on the Rule.
6378
+ # Specifies that WAF should do nothing. This is used for the
6379
+ # `OverrideAction` setting on a Rule when the rule uses a rule group
6380
+ # reference statement.
6000
6381
  #
6001
6382
  # This is used in the context of other settings, for example to specify
6002
6383
  # values for RuleAction and web ACL DefaultAction.
@@ -6267,6 +6648,42 @@ module Aws::WAFV2
6267
6648
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6268
6649
  # key: "LabelMatchKey", # required
6269
6650
  # },
6651
+ # regex_match_statement: {
6652
+ # regex_string: "RegexPatternString", # required
6653
+ # field_to_match: { # required
6654
+ # single_header: {
6655
+ # name: "FieldToMatchData", # required
6656
+ # },
6657
+ # single_query_argument: {
6658
+ # name: "FieldToMatchData", # required
6659
+ # },
6660
+ # all_query_arguments: {
6661
+ # },
6662
+ # uri_path: {
6663
+ # },
6664
+ # query_string: {
6665
+ # },
6666
+ # body: {
6667
+ # },
6668
+ # method: {
6669
+ # },
6670
+ # json_body: {
6671
+ # match_pattern: { # required
6672
+ # all: {
6673
+ # },
6674
+ # included_paths: ["JsonPointerPath"],
6675
+ # },
6676
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6677
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6678
+ # },
6679
+ # },
6680
+ # text_transformations: [ # required
6681
+ # {
6682
+ # priority: 1, # required
6683
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6684
+ # },
6685
+ # ],
6686
+ # },
6270
6687
  # },
6271
6688
  # }
6272
6689
  #
@@ -6538,6 +6955,42 @@ module Aws::WAFV2
6538
6955
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6539
6956
  # key: "LabelMatchKey", # required
6540
6957
  # },
6958
+ # regex_match_statement: {
6959
+ # regex_string: "RegexPatternString", # required
6960
+ # field_to_match: { # required
6961
+ # single_header: {
6962
+ # name: "FieldToMatchData", # required
6963
+ # },
6964
+ # single_query_argument: {
6965
+ # name: "FieldToMatchData", # required
6966
+ # },
6967
+ # all_query_arguments: {
6968
+ # },
6969
+ # uri_path: {
6970
+ # },
6971
+ # query_string: {
6972
+ # },
6973
+ # body: {
6974
+ # },
6975
+ # method: {
6976
+ # },
6977
+ # json_body: {
6978
+ # match_pattern: { # required
6979
+ # all: {
6980
+ # },
6981
+ # included_paths: ["JsonPointerPath"],
6982
+ # },
6983
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6984
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6985
+ # },
6986
+ # },
6987
+ # text_transformations: [ # required
6988
+ # {
6989
+ # priority: 1, # required
6990
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6991
+ # },
6992
+ # ],
6993
+ # },
6541
6994
  # },
6542
6995
  # ],
6543
6996
  # }
@@ -6555,22 +7008,20 @@ module Aws::WAFV2
6555
7008
  include Aws::Structure
6556
7009
  end
6557
7010
 
6558
- # The override action to apply to the rules in a rule group. Used only
6559
- # for rule statements that reference a rule group, like
6560
- # `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
6561
- #
6562
- # Set the override action to none to leave the rule actions in effect.
6563
- # Set it to count to only count matches, regardless of the rule action
6564
- # settings.
7011
+ # The action to use in the place of the action that results from the
7012
+ # rule group evaluation. Set the override action to none to leave the
7013
+ # result of the rule group alone. Set it to count to override the result
7014
+ # to count only.
6565
7015
  #
6566
- # In a Rule, you must specify either this `OverrideAction` setting or
6567
- # the rule `Action` setting, but not both:
7016
+ # You can only use this for rule statements that reference a rule group,
7017
+ # like `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
6568
7018
  #
6569
- # * If the rule statement references a rule group, use this override
6570
- # action setting and not the action setting.
7019
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
7020
+ # in the rule group are evaluated. If you want the rules in the rule
7021
+ # group to only count matches, do not use this and instead exclude those
7022
+ # rules in your rule group reference statement settings.
6571
7023
  #
6572
- # * If the rule statement does not reference a rule group, use the rule
6573
- # action setting and not this rule override action setting.
7024
+ # </note>
6574
7025
  #
6575
7026
  # @note When making an API call, you may pass OverrideAction
6576
7027
  # data as a hash:
@@ -6591,11 +7042,19 @@ module Aws::WAFV2
6591
7042
  # }
6592
7043
  #
6593
7044
  # @!attribute [rw] count
6594
- # Override the rule action setting to count.
7045
+ # Override the rule group evaluation result to count only.
7046
+ #
7047
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
7048
+ # in the rule group are evaluated. If you want the rules in the rule
7049
+ # group to only count matches, do not use this and instead exclude
7050
+ # those rules in your rule group reference statement settings.
7051
+ #
7052
+ # </note>
6595
7053
  # @return [Types::CountAction]
6596
7054
  #
6597
7055
  # @!attribute [rw] none
6598
- # Don't override the rule action setting.
7056
+ # Don't override the rule group evaluation result. This is the most
7057
+ # common setting.
6599
7058
  # @return [Types::NoneAction]
6600
7059
  #
6601
7060
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/OverrideAction AWS API Documentation
@@ -6652,7 +7111,7 @@ module Aws::WAFV2
6652
7111
  # conditions: [ # required
6653
7112
  # {
6654
7113
  # action_condition: {
6655
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
7114
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
6656
7115
  # },
6657
7116
  # label_name_condition: {
6658
7117
  # label_name: "LabelName", # required
@@ -7154,6 +7613,42 @@ module Aws::WAFV2
7154
7613
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7155
7614
  # key: "LabelMatchKey", # required
7156
7615
  # },
7616
+ # regex_match_statement: {
7617
+ # regex_string: "RegexPatternString", # required
7618
+ # field_to_match: { # required
7619
+ # single_header: {
7620
+ # name: "FieldToMatchData", # required
7621
+ # },
7622
+ # single_query_argument: {
7623
+ # name: "FieldToMatchData", # required
7624
+ # },
7625
+ # all_query_arguments: {
7626
+ # },
7627
+ # uri_path: {
7628
+ # },
7629
+ # query_string: {
7630
+ # },
7631
+ # body: {
7632
+ # },
7633
+ # method: {
7634
+ # },
7635
+ # json_body: {
7636
+ # match_pattern: { # required
7637
+ # all: {
7638
+ # },
7639
+ # included_paths: ["JsonPointerPath"],
7640
+ # },
7641
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7642
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7643
+ # },
7644
+ # },
7645
+ # text_transformations: [ # required
7646
+ # {
7647
+ # priority: 1, # required
7648
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7649
+ # },
7650
+ # ],
7651
+ # },
7157
7652
  # },
7158
7653
  # forwarded_ip_config: {
7159
7654
  # header_name: "ForwardedIPHeaderName", # required
@@ -7254,6 +7749,77 @@ module Aws::WAFV2
7254
7749
  include Aws::Structure
7255
7750
  end
7256
7751
 
7752
+ # A rule statement used to search web request components for a match
7753
+ # against a single regular expression.
7754
+ #
7755
+ # @note When making an API call, you may pass RegexMatchStatement
7756
+ # data as a hash:
7757
+ #
7758
+ # {
7759
+ # regex_string: "RegexPatternString", # required
7760
+ # field_to_match: { # required
7761
+ # single_header: {
7762
+ # name: "FieldToMatchData", # required
7763
+ # },
7764
+ # single_query_argument: {
7765
+ # name: "FieldToMatchData", # required
7766
+ # },
7767
+ # all_query_arguments: {
7768
+ # },
7769
+ # uri_path: {
7770
+ # },
7771
+ # query_string: {
7772
+ # },
7773
+ # body: {
7774
+ # },
7775
+ # method: {
7776
+ # },
7777
+ # json_body: {
7778
+ # match_pattern: { # required
7779
+ # all: {
7780
+ # },
7781
+ # included_paths: ["JsonPointerPath"],
7782
+ # },
7783
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7784
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7785
+ # },
7786
+ # },
7787
+ # text_transformations: [ # required
7788
+ # {
7789
+ # priority: 1, # required
7790
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7791
+ # },
7792
+ # ],
7793
+ # }
7794
+ #
7795
+ # @!attribute [rw] regex_string
7796
+ # The string representing the regular expression.
7797
+ # @return [String]
7798
+ #
7799
+ # @!attribute [rw] field_to_match
7800
+ # The part of a web request that you want WAF to inspect. For more
7801
+ # information, see FieldToMatch.
7802
+ # @return [Types::FieldToMatch]
7803
+ #
7804
+ # @!attribute [rw] text_transformations
7805
+ # Text transformations eliminate some of the unusual formatting that
7806
+ # attackers use in web requests in an effort to bypass detection. If
7807
+ # you specify one or more transformations in a rule statement, WAF
7808
+ # performs all transformations on the content of the request component
7809
+ # identified by `FieldToMatch`, starting from the lowest priority
7810
+ # setting, before inspecting the content for a match.
7811
+ # @return [Array<Types::TextTransformation>]
7812
+ #
7813
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
7814
+ #
7815
+ class RegexMatchStatement < Struct.new(
7816
+ :regex_string,
7817
+ :field_to_match,
7818
+ :text_transformations)
7819
+ SENSITIVE = []
7820
+ include Aws::Structure
7821
+ end
7822
+
7257
7823
  # Contains one or more regular expressions.
7258
7824
  #
7259
7825
  # WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
@@ -7687,36 +8253,82 @@ module Aws::WAFV2
7687
8253
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7688
8254
  # key: "LabelMatchKey", # required
7689
8255
  # },
7690
- # },
7691
- # action: {
7692
- # block: {
7693
- # custom_response: {
7694
- # response_code: 1, # required
7695
- # custom_response_body_key: "EntityName",
7696
- # response_headers: [
7697
- # {
7698
- # name: "CustomHTTPHeaderName", # required
7699
- # value: "CustomHTTPHeaderValue", # required
7700
- # },
7701
- # ],
7702
- # },
7703
- # },
7704
- # allow: {
7705
- # custom_request_handling: {
7706
- # insert_headers: [ # required
7707
- # {
7708
- # name: "CustomHTTPHeaderName", # required
7709
- # value: "CustomHTTPHeaderValue", # required
7710
- # },
7711
- # ],
7712
- # },
7713
- # },
7714
- # count: {
7715
- # custom_request_handling: {
7716
- # insert_headers: [ # required
7717
- # {
7718
- # name: "CustomHTTPHeaderName", # required
7719
- # value: "CustomHTTPHeaderValue", # required
8256
+ # regex_match_statement: {
8257
+ # regex_string: "RegexPatternString", # required
8258
+ # field_to_match: { # required
8259
+ # single_header: {
8260
+ # name: "FieldToMatchData", # required
8261
+ # },
8262
+ # single_query_argument: {
8263
+ # name: "FieldToMatchData", # required
8264
+ # },
8265
+ # all_query_arguments: {
8266
+ # },
8267
+ # uri_path: {
8268
+ # },
8269
+ # query_string: {
8270
+ # },
8271
+ # body: {
8272
+ # },
8273
+ # method: {
8274
+ # },
8275
+ # json_body: {
8276
+ # match_pattern: { # required
8277
+ # all: {
8278
+ # },
8279
+ # included_paths: ["JsonPointerPath"],
8280
+ # },
8281
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
8282
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
8283
+ # },
8284
+ # },
8285
+ # text_transformations: [ # required
8286
+ # {
8287
+ # priority: 1, # required
8288
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
8289
+ # },
8290
+ # ],
8291
+ # },
8292
+ # },
8293
+ # action: {
8294
+ # block: {
8295
+ # custom_response: {
8296
+ # response_code: 1, # required
8297
+ # custom_response_body_key: "EntityName",
8298
+ # response_headers: [
8299
+ # {
8300
+ # name: "CustomHTTPHeaderName", # required
8301
+ # value: "CustomHTTPHeaderValue", # required
8302
+ # },
8303
+ # ],
8304
+ # },
8305
+ # },
8306
+ # allow: {
8307
+ # custom_request_handling: {
8308
+ # insert_headers: [ # required
8309
+ # {
8310
+ # name: "CustomHTTPHeaderName", # required
8311
+ # value: "CustomHTTPHeaderValue", # required
8312
+ # },
8313
+ # ],
8314
+ # },
8315
+ # },
8316
+ # count: {
8317
+ # custom_request_handling: {
8318
+ # insert_headers: [ # required
8319
+ # {
8320
+ # name: "CustomHTTPHeaderName", # required
8321
+ # value: "CustomHTTPHeaderValue", # required
8322
+ # },
8323
+ # ],
8324
+ # },
8325
+ # },
8326
+ # captcha: {
8327
+ # custom_request_handling: {
8328
+ # insert_headers: [ # required
8329
+ # {
8330
+ # name: "CustomHTTPHeaderName", # required
8331
+ # value: "CustomHTTPHeaderValue", # required
7720
8332
  # },
7721
8333
  # ],
7722
8334
  # },
@@ -7746,6 +8358,11 @@ module Aws::WAFV2
7746
8358
  # cloud_watch_metrics_enabled: false, # required
7747
8359
  # metric_name: "MetricName", # required
7748
8360
  # },
8361
+ # captcha_config: {
8362
+ # immunity_time_property: {
8363
+ # immunity_time: 1, # required
8364
+ # },
8365
+ # },
7749
8366
  # }
7750
8367
  #
7751
8368
  # @!attribute [rw] name
@@ -7786,22 +8403,21 @@ module Aws::WAFV2
7786
8403
  # @return [Types::RuleAction]
7787
8404
  #
7788
8405
  # @!attribute [rw] override_action
7789
- # The override action to apply to the rules in a rule group. Used only
7790
- # for rule statements that reference a rule group, like
7791
- # `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
7792
- #
7793
- # Set the override action to none to leave the rule actions in effect.
7794
- # Set it to count to only count matches, regardless of the rule action
7795
- # settings.
8406
+ # The action to use in the place of the action that results from the
8407
+ # rule group evaluation. Set the override action to none to leave the
8408
+ # result of the rule group alone. Set it to count to override the
8409
+ # result to count only.
7796
8410
  #
7797
- # In a Rule, you must specify either this `OverrideAction` setting or
7798
- # the rule `Action` setting, but not both:
8411
+ # You can only use this for rule statements that reference a rule
8412
+ # group, like `RuleGroupReferenceStatement` and
8413
+ # `ManagedRuleGroupStatement`.
7799
8414
  #
7800
- # * If the rule statement references a rule group, use this override
7801
- # action setting and not the action setting.
8415
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
8416
+ # in the rule group are evaluated. If you want the rules in the rule
8417
+ # group to only count matches, do not use this and instead exclude
8418
+ # those rules in your rule group reference statement settings.
7802
8419
  #
7803
- # * If the rule statement does not reference a rule group, use the
7804
- # rule action setting and not this rule override action setting.
8420
+ # </note>
7805
8421
  # @return [Types::OverrideAction]
7806
8422
  #
7807
8423
  # @!attribute [rw] rule_labels
@@ -7835,6 +8451,12 @@ module Aws::WAFV2
7835
8451
  # collection.
7836
8452
  # @return [Types::VisibilityConfig]
7837
8453
  #
8454
+ # @!attribute [rw] captcha_config
8455
+ # Specifies how WAF should handle `CAPTCHA` evaluations. If you don't
8456
+ # specify this, WAF uses the `CAPTCHA` configuration that's defined
8457
+ # for the web ACL.
8458
+ # @return [Types::CaptchaConfig]
8459
+ #
7838
8460
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation
7839
8461
  #
7840
8462
  class Rule < Struct.new(
@@ -7844,7 +8466,8 @@ module Aws::WAFV2
7844
8466
  :action,
7845
8467
  :override_action,
7846
8468
  :rule_labels,
7847
- :visibility_config)
8469
+ :visibility_config,
8470
+ :captcha_config)
7848
8471
  SENSITIVE = []
7849
8472
  include Aws::Structure
7850
8473
  end
@@ -7889,6 +8512,16 @@ module Aws::WAFV2
7889
8512
  # ],
7890
8513
  # },
7891
8514
  # },
8515
+ # captcha: {
8516
+ # custom_request_handling: {
8517
+ # insert_headers: [ # required
8518
+ # {
8519
+ # name: "CustomHTTPHeaderName", # required
8520
+ # value: "CustomHTTPHeaderValue", # required
8521
+ # },
8522
+ # ],
8523
+ # },
8524
+ # },
7892
8525
  # }
7893
8526
  #
7894
8527
  # @!attribute [rw] block
@@ -7903,12 +8536,17 @@ module Aws::WAFV2
7903
8536
  # Instructs WAF to count the web request and allow it.
7904
8537
  # @return [Types::CountAction]
7905
8538
  #
8539
+ # @!attribute [rw] captcha
8540
+ # Instructs WAF to run a `CAPTCHA` check against the web request.
8541
+ # @return [Types::CaptchaAction]
8542
+ #
7906
8543
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
7907
8544
  #
7908
8545
  class RuleAction < Struct.new(
7909
8546
  :block,
7910
8547
  :allow,
7911
- :count)
8548
+ :count,
8549
+ :captcha)
7912
8550
  SENSITIVE = []
7913
8551
  include Aws::Structure
7914
8552
  end
@@ -8062,8 +8700,11 @@ module Aws::WAFV2
8062
8700
  # @return [String]
8063
8701
  #
8064
8702
  # @!attribute [rw] excluded_rules
8065
- # The names of rules that are in the referenced rule group, but that
8066
- # you want WAF to exclude from processing for this rule statement.
8703
+ # The rules in the referenced rule group whose actions are set to
8704
+ # `Count`. When you exclude a rule, WAF evaluates it exactly as it
8705
+ # would if the rule action setting were `Count`. This is a useful
8706
+ # option for testing the rules in a rule group without modifying how
8707
+ # they handle your web traffic.
8067
8708
  # @return [Array<Types::ExcludedRule>]
8068
8709
  #
8069
8710
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
@@ -8172,8 +8813,8 @@ module Aws::WAFV2
8172
8813
  # @return [Time]
8173
8814
  #
8174
8815
  # @!attribute [rw] action
8175
- # The action for the `Rule` that the request matched: `ALLOW`,
8176
- # `BLOCK`, or `COUNT`.
8816
+ # The action for the `Rule` that the request matched: `Allow`,
8817
+ # `Block`, or `Count`.
8177
8818
  # @return [String]
8178
8819
  #
8179
8820
  # @!attribute [rw] rule_name_within_rule_group
@@ -8204,6 +8845,10 @@ module Aws::WAFV2
8204
8845
  # or `awswaf:managed:aws:managed-rule-set:header:encoding:utf8`.
8205
8846
  # @return [Array<Types::Label>]
8206
8847
  #
8848
+ # @!attribute [rw] captcha_response
8849
+ # The `CAPTCHA` response for the request.
8850
+ # @return [Types::CaptchaResponse]
8851
+ #
8207
8852
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
8208
8853
  #
8209
8854
  class SampledHTTPRequest < Struct.new(
@@ -8214,7 +8859,8 @@ module Aws::WAFV2
8214
8859
  :rule_name_within_rule_group,
8215
8860
  :request_headers_inserted,
8216
8861
  :response_code_sent,
8217
- :labels)
8862
+ :labels,
8863
+ :captcha_response)
8218
8864
  SENSITIVE = []
8219
8865
  include Aws::Structure
8220
8866
  end
@@ -8887,6 +9533,42 @@ module Aws::WAFV2
8887
9533
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8888
9534
  # key: "LabelMatchKey", # required
8889
9535
  # },
9536
+ # regex_match_statement: {
9537
+ # regex_string: "RegexPatternString", # required
9538
+ # field_to_match: { # required
9539
+ # single_header: {
9540
+ # name: "FieldToMatchData", # required
9541
+ # },
9542
+ # single_query_argument: {
9543
+ # name: "FieldToMatchData", # required
9544
+ # },
9545
+ # all_query_arguments: {
9546
+ # },
9547
+ # uri_path: {
9548
+ # },
9549
+ # query_string: {
9550
+ # },
9551
+ # body: {
9552
+ # },
9553
+ # method: {
9554
+ # },
9555
+ # json_body: {
9556
+ # match_pattern: { # required
9557
+ # all: {
9558
+ # },
9559
+ # included_paths: ["JsonPointerPath"],
9560
+ # },
9561
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9562
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9563
+ # },
9564
+ # },
9565
+ # text_transformations: [ # required
9566
+ # {
9567
+ # priority: 1, # required
9568
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9569
+ # },
9570
+ # ],
9571
+ # },
8890
9572
  # },
8891
9573
  # forwarded_ip_config: {
8892
9574
  # header_name: "ForwardedIPHeaderName", # required
@@ -9140,6 +9822,42 @@ module Aws::WAFV2
9140
9822
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9141
9823
  # key: "LabelMatchKey", # required
9142
9824
  # },
9825
+ # regex_match_statement: {
9826
+ # regex_string: "RegexPatternString", # required
9827
+ # field_to_match: { # required
9828
+ # single_header: {
9829
+ # name: "FieldToMatchData", # required
9830
+ # },
9831
+ # single_query_argument: {
9832
+ # name: "FieldToMatchData", # required
9833
+ # },
9834
+ # all_query_arguments: {
9835
+ # },
9836
+ # uri_path: {
9837
+ # },
9838
+ # query_string: {
9839
+ # },
9840
+ # body: {
9841
+ # },
9842
+ # method: {
9843
+ # },
9844
+ # json_body: {
9845
+ # match_pattern: { # required
9846
+ # all: {
9847
+ # },
9848
+ # included_paths: ["JsonPointerPath"],
9849
+ # },
9850
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9851
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9852
+ # },
9853
+ # },
9854
+ # text_transformations: [ # required
9855
+ # {
9856
+ # priority: 1, # required
9857
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9858
+ # },
9859
+ # ],
9860
+ # },
9143
9861
  # },
9144
9862
  # ],
9145
9863
  # },
@@ -9390,6 +10108,42 @@ module Aws::WAFV2
9390
10108
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9391
10109
  # key: "LabelMatchKey", # required
9392
10110
  # },
10111
+ # regex_match_statement: {
10112
+ # regex_string: "RegexPatternString", # required
10113
+ # field_to_match: { # required
10114
+ # single_header: {
10115
+ # name: "FieldToMatchData", # required
10116
+ # },
10117
+ # single_query_argument: {
10118
+ # name: "FieldToMatchData", # required
10119
+ # },
10120
+ # all_query_arguments: {
10121
+ # },
10122
+ # uri_path: {
10123
+ # },
10124
+ # query_string: {
10125
+ # },
10126
+ # body: {
10127
+ # },
10128
+ # method: {
10129
+ # },
10130
+ # json_body: {
10131
+ # match_pattern: { # required
10132
+ # all: {
10133
+ # },
10134
+ # included_paths: ["JsonPointerPath"],
10135
+ # },
10136
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10137
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10138
+ # },
10139
+ # },
10140
+ # text_transformations: [ # required
10141
+ # {
10142
+ # priority: 1, # required
10143
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10144
+ # },
10145
+ # ],
10146
+ # },
9393
10147
  # },
9394
10148
  # ],
9395
10149
  # },
@@ -9643,6 +10397,42 @@ module Aws::WAFV2
9643
10397
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9644
10398
  # key: "LabelMatchKey", # required
9645
10399
  # },
10400
+ # regex_match_statement: {
10401
+ # regex_string: "RegexPatternString", # required
10402
+ # field_to_match: { # required
10403
+ # single_header: {
10404
+ # name: "FieldToMatchData", # required
10405
+ # },
10406
+ # single_query_argument: {
10407
+ # name: "FieldToMatchData", # required
10408
+ # },
10409
+ # all_query_arguments: {
10410
+ # },
10411
+ # uri_path: {
10412
+ # },
10413
+ # query_string: {
10414
+ # },
10415
+ # body: {
10416
+ # },
10417
+ # method: {
10418
+ # },
10419
+ # json_body: {
10420
+ # match_pattern: { # required
10421
+ # all: {
10422
+ # },
10423
+ # included_paths: ["JsonPointerPath"],
10424
+ # },
10425
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10426
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10427
+ # },
10428
+ # },
10429
+ # text_transformations: [ # required
10430
+ # {
10431
+ # priority: 1, # required
10432
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10433
+ # },
10434
+ # ],
10435
+ # },
9646
10436
  # },
9647
10437
  # },
9648
10438
  # managed_rule_group_statement: {
@@ -9895,12 +10685,84 @@ module Aws::WAFV2
9895
10685
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9896
10686
  # key: "LabelMatchKey", # required
9897
10687
  # },
10688
+ # regex_match_statement: {
10689
+ # regex_string: "RegexPatternString", # required
10690
+ # field_to_match: { # required
10691
+ # single_header: {
10692
+ # name: "FieldToMatchData", # required
10693
+ # },
10694
+ # single_query_argument: {
10695
+ # name: "FieldToMatchData", # required
10696
+ # },
10697
+ # all_query_arguments: {
10698
+ # },
10699
+ # uri_path: {
10700
+ # },
10701
+ # query_string: {
10702
+ # },
10703
+ # body: {
10704
+ # },
10705
+ # method: {
10706
+ # },
10707
+ # json_body: {
10708
+ # match_pattern: { # required
10709
+ # all: {
10710
+ # },
10711
+ # included_paths: ["JsonPointerPath"],
10712
+ # },
10713
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10714
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10715
+ # },
10716
+ # },
10717
+ # text_transformations: [ # required
10718
+ # {
10719
+ # priority: 1, # required
10720
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10721
+ # },
10722
+ # ],
10723
+ # },
9898
10724
  # },
9899
10725
  # },
9900
10726
  # label_match_statement: {
9901
10727
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9902
10728
  # key: "LabelMatchKey", # required
9903
10729
  # },
10730
+ # regex_match_statement: {
10731
+ # regex_string: "RegexPatternString", # required
10732
+ # field_to_match: { # required
10733
+ # single_header: {
10734
+ # name: "FieldToMatchData", # required
10735
+ # },
10736
+ # single_query_argument: {
10737
+ # name: "FieldToMatchData", # required
10738
+ # },
10739
+ # all_query_arguments: {
10740
+ # },
10741
+ # uri_path: {
10742
+ # },
10743
+ # query_string: {
10744
+ # },
10745
+ # body: {
10746
+ # },
10747
+ # method: {
10748
+ # },
10749
+ # json_body: {
10750
+ # match_pattern: { # required
10751
+ # all: {
10752
+ # },
10753
+ # included_paths: ["JsonPointerPath"],
10754
+ # },
10755
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10756
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10757
+ # },
10758
+ # },
10759
+ # text_transformations: [ # required
10760
+ # {
10761
+ # priority: 1, # required
10762
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10763
+ # },
10764
+ # ],
10765
+ # },
9904
10766
  # }
9905
10767
  #
9906
10768
  # @!attribute [rw] byte_match_statement
@@ -10082,6 +10944,11 @@ module Aws::WAFV2
10082
10944
  # that were added in the same context as the label match statement.
10083
10945
  # @return [Types::LabelMatchStatement]
10084
10946
  #
10947
+ # @!attribute [rw] regex_match_statement
10948
+ # A rule statement used to search web request components for a match
10949
+ # against a single regular expression.
10950
+ # @return [Types::RegexMatchStatement]
10951
+ #
10085
10952
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
10086
10953
  #
10087
10954
  class Statement < Struct.new(
@@ -10098,7 +10965,8 @@ module Aws::WAFV2
10098
10965
  :or_statement,
10099
10966
  :not_statement,
10100
10967
  :managed_rule_group_statement,
10101
- :label_match_statement)
10968
+ :label_match_statement,
10969
+ :regex_match_statement)
10102
10970
  SENSITIVE = []
10103
10971
  include Aws::Structure
10104
10972
  end
@@ -11024,6 +11892,42 @@ module Aws::WAFV2
11024
11892
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
11025
11893
  # key: "LabelMatchKey", # required
11026
11894
  # },
11895
+ # regex_match_statement: {
11896
+ # regex_string: "RegexPatternString", # required
11897
+ # field_to_match: { # required
11898
+ # single_header: {
11899
+ # name: "FieldToMatchData", # required
11900
+ # },
11901
+ # single_query_argument: {
11902
+ # name: "FieldToMatchData", # required
11903
+ # },
11904
+ # all_query_arguments: {
11905
+ # },
11906
+ # uri_path: {
11907
+ # },
11908
+ # query_string: {
11909
+ # },
11910
+ # body: {
11911
+ # },
11912
+ # method: {
11913
+ # },
11914
+ # json_body: {
11915
+ # match_pattern: { # required
11916
+ # all: {
11917
+ # },
11918
+ # included_paths: ["JsonPointerPath"],
11919
+ # },
11920
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
11921
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
11922
+ # },
11923
+ # },
11924
+ # text_transformations: [ # required
11925
+ # {
11926
+ # priority: 1, # required
11927
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
11928
+ # },
11929
+ # ],
11930
+ # },
11027
11931
  # },
11028
11932
  # action: {
11029
11933
  # block: {
@@ -11058,6 +11962,16 @@ module Aws::WAFV2
11058
11962
  # ],
11059
11963
  # },
11060
11964
  # },
11965
+ # captcha: {
11966
+ # custom_request_handling: {
11967
+ # insert_headers: [ # required
11968
+ # {
11969
+ # name: "CustomHTTPHeaderName", # required
11970
+ # value: "CustomHTTPHeaderValue", # required
11971
+ # },
11972
+ # ],
11973
+ # },
11974
+ # },
11061
11975
  # },
11062
11976
  # override_action: {
11063
11977
  # count: {
@@ -11083,6 +11997,11 @@ module Aws::WAFV2
11083
11997
  # cloud_watch_metrics_enabled: false, # required
11084
11998
  # metric_name: "MetricName", # required
11085
11999
  # },
12000
+ # captcha_config: {
12001
+ # immunity_time_property: {
12002
+ # immunity_time: 1, # required
12003
+ # },
12004
+ # },
11086
12005
  # },
11087
12006
  # ],
11088
12007
  # visibility_config: { # required
@@ -11490,6 +12409,42 @@ module Aws::WAFV2
11490
12409
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
11491
12410
  # key: "LabelMatchKey", # required
11492
12411
  # },
12412
+ # regex_match_statement: {
12413
+ # regex_string: "RegexPatternString", # required
12414
+ # field_to_match: { # required
12415
+ # single_header: {
12416
+ # name: "FieldToMatchData", # required
12417
+ # },
12418
+ # single_query_argument: {
12419
+ # name: "FieldToMatchData", # required
12420
+ # },
12421
+ # all_query_arguments: {
12422
+ # },
12423
+ # uri_path: {
12424
+ # },
12425
+ # query_string: {
12426
+ # },
12427
+ # body: {
12428
+ # },
12429
+ # method: {
12430
+ # },
12431
+ # json_body: {
12432
+ # match_pattern: { # required
12433
+ # all: {
12434
+ # },
12435
+ # included_paths: ["JsonPointerPath"],
12436
+ # },
12437
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
12438
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
12439
+ # },
12440
+ # },
12441
+ # text_transformations: [ # required
12442
+ # {
12443
+ # priority: 1, # required
12444
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
12445
+ # },
12446
+ # ],
12447
+ # },
11493
12448
  # },
11494
12449
  # action: {
11495
12450
  # block: {
@@ -11524,6 +12479,16 @@ module Aws::WAFV2
11524
12479
  # ],
11525
12480
  # },
11526
12481
  # },
12482
+ # captcha: {
12483
+ # custom_request_handling: {
12484
+ # insert_headers: [ # required
12485
+ # {
12486
+ # name: "CustomHTTPHeaderName", # required
12487
+ # value: "CustomHTTPHeaderValue", # required
12488
+ # },
12489
+ # ],
12490
+ # },
12491
+ # },
11527
12492
  # },
11528
12493
  # override_action: {
11529
12494
  # count: {
@@ -11549,6 +12514,11 @@ module Aws::WAFV2
11549
12514
  # cloud_watch_metrics_enabled: false, # required
11550
12515
  # metric_name: "MetricName", # required
11551
12516
  # },
12517
+ # captcha_config: {
12518
+ # immunity_time_property: {
12519
+ # immunity_time: 1, # required
12520
+ # },
12521
+ # },
11552
12522
  # },
11553
12523
  # ],
11554
12524
  # visibility_config: { # required
@@ -11563,6 +12533,11 @@ module Aws::WAFV2
11563
12533
  # content: "ResponseContent", # required
11564
12534
  # },
11565
12535
  # },
12536
+ # captcha_config: {
12537
+ # immunity_time_property: {
12538
+ # immunity_time: 1, # required
12539
+ # },
12540
+ # },
11566
12541
  # }
11567
12542
  #
11568
12543
  # @!attribute [rw] name
@@ -11645,6 +12620,12 @@ module Aws::WAFV2
11645
12620
  # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
11646
12621
  # @return [Hash<String,Types::CustomResponseBody>]
11647
12622
  #
12623
+ # @!attribute [rw] captcha_config
12624
+ # Specifies how WAF should handle `CAPTCHA` evaluations for rules that
12625
+ # don't have their own `CaptchaConfig` settings. If you don't
12626
+ # specify this, WAF uses its default settings for `CaptchaConfig`.
12627
+ # @return [Types::CaptchaConfig]
12628
+ #
11648
12629
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
11649
12630
  #
11650
12631
  class UpdateWebACLRequest < Struct.new(
@@ -11656,7 +12637,8 @@ module Aws::WAFV2
11656
12637
  :rules,
11657
12638
  :visibility_config,
11658
12639
  :lock_token,
11659
- :custom_response_bodies)
12640
+ :custom_response_bodies,
12641
+ :captcha_config)
11660
12642
  SENSITIVE = []
11661
12643
  include Aws::Structure
11662
12644
  end
@@ -12196,6 +13178,12 @@ module Aws::WAFV2
12196
13178
  # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
12197
13179
  # @return [Hash<String,Types::CustomResponseBody>]
12198
13180
  #
13181
+ # @!attribute [rw] captcha_config
13182
+ # Specifies how WAF should handle `CAPTCHA` evaluations for rules that
13183
+ # don't have their own `CaptchaConfig` settings. If you don't
13184
+ # specify this, WAF uses its default settings for `CaptchaConfig`.
13185
+ # @return [Types::CaptchaConfig]
13186
+ #
12199
13187
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
12200
13188
  #
12201
13189
  class WebACL < Struct.new(
@@ -12211,7 +13199,8 @@ module Aws::WAFV2
12211
13199
  :post_process_firewall_manager_rule_groups,
12212
13200
  :managed_by_firewall_manager,
12213
13201
  :label_namespace,
12214
- :custom_response_bodies)
13202
+ :custom_response_bodies,
13203
+ :captcha_config)
12215
13204
  SENSITIVE = []
12216
13205
  include Aws::Structure
12217
13206
  end