aws-sdk-wafv2 1.26.0 → 1.30.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-wafv2/client.rb +381 -7
  5. data/lib/aws-sdk-wafv2/client_api.rb +36 -1
  6. data/lib/aws-sdk-wafv2/types.rb +1096 -107
  7. data/lib/aws-sdk-wafv2.rb +1 -1
  8. metadata +4 -4
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -16,7 +16,7 @@ module Aws::WAFV2
16
16
  # data as a hash:
17
17
  #
18
18
  # {
19
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
19
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
20
20
  # }
21
21
  #
22
22
  # @!attribute [rw] action
@@ -357,6 +357,42 @@ module Aws::WAFV2
357
357
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
358
358
  # key: "LabelMatchKey", # required
359
359
  # },
360
+ # regex_match_statement: {
361
+ # regex_string: "RegexPatternString", # required
362
+ # field_to_match: { # required
363
+ # single_header: {
364
+ # name: "FieldToMatchData", # required
365
+ # },
366
+ # single_query_argument: {
367
+ # name: "FieldToMatchData", # required
368
+ # },
369
+ # all_query_arguments: {
370
+ # },
371
+ # uri_path: {
372
+ # },
373
+ # query_string: {
374
+ # },
375
+ # body: {
376
+ # },
377
+ # method: {
378
+ # },
379
+ # json_body: {
380
+ # match_pattern: { # required
381
+ # all: {
382
+ # },
383
+ # included_paths: ["JsonPointerPath"],
384
+ # },
385
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
386
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
387
+ # },
388
+ # },
389
+ # text_transformations: [ # required
390
+ # {
391
+ # priority: 1, # required
392
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
393
+ # },
394
+ # ],
395
+ # },
360
396
  # },
361
397
  # ],
362
398
  # }
@@ -624,6 +660,125 @@ module Aws::WAFV2
624
660
  include Aws::Structure
625
661
  end
626
662
 
663
+ # Specifies that WAF should run a `CAPTCHA` check against the request:
664
+ #
665
+ # * If the request includes a valid, unexpired `CAPTCHA` token, WAF
666
+ # allows the web request inspection to proceed to the next rule,
667
+ # similar to a `CountAction`.
668
+ #
669
+ # * If the request doesn't include a valid, unexpired `CAPTCHA` token,
670
+ # WAF discontinues the web ACL evaluation of the request and blocks it
671
+ # from going to its intended destination.
672
+ #
673
+ # WAF generates a response that it sends back to the client, which
674
+ # includes the following:
675
+ #
676
+ # * The header `x-amzn-waf-action` with a value of `captcha`.
677
+ #
678
+ # * The HTTP status code `405 Method Not Allowed`.
679
+ #
680
+ # * If the request contains an `Accept` header with a value of
681
+ # `text/html`, the response includes a `CAPTCHA` challenge.
682
+ #
683
+ # You can configure the expiration time in the `CaptchaConfig`
684
+ # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
685
+ # setting overrides the web ACL setting.
686
+ #
687
+ # This action option is available for rules. It isn't available for web
688
+ # ACL default actions.
689
+ #
690
+ # This is used in the context of other settings, for example to specify
691
+ # values for RuleAction and web ACL DefaultAction.
692
+ #
693
+ # @note When making an API call, you may pass CaptchaAction
694
+ # data as a hash:
695
+ #
696
+ # {
697
+ # custom_request_handling: {
698
+ # insert_headers: [ # required
699
+ # {
700
+ # name: "CustomHTTPHeaderName", # required
701
+ # value: "CustomHTTPHeaderValue", # required
702
+ # },
703
+ # ],
704
+ # },
705
+ # }
706
+ #
707
+ # @!attribute [rw] custom_request_handling
708
+ # Defines custom handling for the web request.
709
+ #
710
+ # For information about customizing web requests and responses, see
711
+ # [Customizing web requests and responses in WAF][1] in the [WAF
712
+ # Developer Guide][2].
713
+ #
714
+ #
715
+ #
716
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
717
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
718
+ # @return [Types::CustomRequestHandling]
719
+ #
720
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
721
+ #
722
+ class CaptchaAction < Struct.new(
723
+ :custom_request_handling)
724
+ SENSITIVE = []
725
+ include Aws::Structure
726
+ end
727
+
728
+ # Specifies how WAF should handle `CAPTCHA` evaluations. This is
729
+ # available at the web ACL level and in each rule.
730
+ #
731
+ # @note When making an API call, you may pass CaptchaConfig
732
+ # data as a hash:
733
+ #
734
+ # {
735
+ # immunity_time_property: {
736
+ # immunity_time: 1, # required
737
+ # },
738
+ # }
739
+ #
740
+ # @!attribute [rw] immunity_time_property
741
+ # Determines how long a `CAPTCHA` token remains valid after the client
742
+ # successfully solves a `CAPTCHA` puzzle.
743
+ # @return [Types::ImmunityTimeProperty]
744
+ #
745
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation
746
+ #
747
+ class CaptchaConfig < Struct.new(
748
+ :immunity_time_property)
749
+ SENSITIVE = []
750
+ include Aws::Structure
751
+ end
752
+
753
+ # The result from the inspection of the web request for a valid
754
+ # `CAPTCHA` token.
755
+ #
756
+ # @!attribute [rw] response_code
757
+ # The HTTP response code indicating the status of the `CAPTCHA` token
758
+ # in the web request. If the token is missing, invalid, or expired,
759
+ # this code is `405 Method Not Allowed`.
760
+ # @return [Integer]
761
+ #
762
+ # @!attribute [rw] solve_timestamp
763
+ # The time that the `CAPTCHA` puzzle was solved for the supplied
764
+ # token.
765
+ # @return [Integer]
766
+ #
767
+ # @!attribute [rw] failure_reason
768
+ # The reason for failure, populated when the evaluation of the token
769
+ # fails.
770
+ # @return [String]
771
+ #
772
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaResponse AWS API Documentation
773
+ #
774
+ class CaptchaResponse < Struct.new(
775
+ :response_code,
776
+ :solve_timestamp,
777
+ :failure_reason)
778
+ SENSITIVE = []
779
+ include Aws::Structure
780
+ end
781
+
627
782
  # @note When making an API call, you may pass CheckCapacityRequest
628
783
  # data as a hash:
629
784
  #
@@ -884,6 +1039,42 @@ module Aws::WAFV2
884
1039
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
885
1040
  # key: "LabelMatchKey", # required
886
1041
  # },
1042
+ # regex_match_statement: {
1043
+ # regex_string: "RegexPatternString", # required
1044
+ # field_to_match: { # required
1045
+ # single_header: {
1046
+ # name: "FieldToMatchData", # required
1047
+ # },
1048
+ # single_query_argument: {
1049
+ # name: "FieldToMatchData", # required
1050
+ # },
1051
+ # all_query_arguments: {
1052
+ # },
1053
+ # uri_path: {
1054
+ # },
1055
+ # query_string: {
1056
+ # },
1057
+ # body: {
1058
+ # },
1059
+ # method: {
1060
+ # },
1061
+ # json_body: {
1062
+ # match_pattern: { # required
1063
+ # all: {
1064
+ # },
1065
+ # included_paths: ["JsonPointerPath"],
1066
+ # },
1067
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1068
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1069
+ # },
1070
+ # },
1071
+ # text_transformations: [ # required
1072
+ # {
1073
+ # priority: 1, # required
1074
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1075
+ # },
1076
+ # ],
1077
+ # },
887
1078
  # },
888
1079
  # action: {
889
1080
  # block: {
@@ -918,6 +1109,16 @@ module Aws::WAFV2
918
1109
  # ],
919
1110
  # },
920
1111
  # },
1112
+ # captcha: {
1113
+ # custom_request_handling: {
1114
+ # insert_headers: [ # required
1115
+ # {
1116
+ # name: "CustomHTTPHeaderName", # required
1117
+ # value: "CustomHTTPHeaderValue", # required
1118
+ # },
1119
+ # ],
1120
+ # },
1121
+ # },
921
1122
  # },
922
1123
  # override_action: {
923
1124
  # count: {
@@ -943,6 +1144,11 @@ module Aws::WAFV2
943
1144
  # cloud_watch_metrics_enabled: false, # required
944
1145
  # metric_name: "MetricName", # required
945
1146
  # },
1147
+ # captcha_config: {
1148
+ # immunity_time_property: {
1149
+ # immunity_time: 1, # required
1150
+ # },
1151
+ # },
946
1152
  # },
947
1153
  # ],
948
1154
  # }
@@ -995,7 +1201,7 @@ module Aws::WAFV2
995
1201
  #
996
1202
  # {
997
1203
  # action_condition: {
998
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
1204
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
999
1205
  # },
1000
1206
  # label_name_condition: {
1001
1207
  # label_name: "LabelName", # required
@@ -1514,6 +1720,42 @@ module Aws::WAFV2
1514
1720
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1515
1721
  # key: "LabelMatchKey", # required
1516
1722
  # },
1723
+ # regex_match_statement: {
1724
+ # regex_string: "RegexPatternString", # required
1725
+ # field_to_match: { # required
1726
+ # single_header: {
1727
+ # name: "FieldToMatchData", # required
1728
+ # },
1729
+ # single_query_argument: {
1730
+ # name: "FieldToMatchData", # required
1731
+ # },
1732
+ # all_query_arguments: {
1733
+ # },
1734
+ # uri_path: {
1735
+ # },
1736
+ # query_string: {
1737
+ # },
1738
+ # body: {
1739
+ # },
1740
+ # method: {
1741
+ # },
1742
+ # json_body: {
1743
+ # match_pattern: { # required
1744
+ # all: {
1745
+ # },
1746
+ # included_paths: ["JsonPointerPath"],
1747
+ # },
1748
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1749
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1750
+ # },
1751
+ # },
1752
+ # text_transformations: [ # required
1753
+ # {
1754
+ # priority: 1, # required
1755
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1756
+ # },
1757
+ # ],
1758
+ # },
1517
1759
  # },
1518
1760
  # action: {
1519
1761
  # block: {
@@ -1548,6 +1790,16 @@ module Aws::WAFV2
1548
1790
  # ],
1549
1791
  # },
1550
1792
  # },
1793
+ # captcha: {
1794
+ # custom_request_handling: {
1795
+ # insert_headers: [ # required
1796
+ # {
1797
+ # name: "CustomHTTPHeaderName", # required
1798
+ # value: "CustomHTTPHeaderValue", # required
1799
+ # },
1800
+ # ],
1801
+ # },
1802
+ # },
1551
1803
  # },
1552
1804
  # override_action: {
1553
1805
  # count: {
@@ -1573,6 +1825,11 @@ module Aws::WAFV2
1573
1825
  # cloud_watch_metrics_enabled: false, # required
1574
1826
  # metric_name: "MetricName", # required
1575
1827
  # },
1828
+ # captcha_config: {
1829
+ # immunity_time_property: {
1830
+ # immunity_time: 1, # required
1831
+ # },
1832
+ # },
1576
1833
  # },
1577
1834
  # ],
1578
1835
  # visibility_config: { # required
@@ -1990,6 +2247,42 @@ module Aws::WAFV2
1990
2247
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1991
2248
  # key: "LabelMatchKey", # required
1992
2249
  # },
2250
+ # regex_match_statement: {
2251
+ # regex_string: "RegexPatternString", # required
2252
+ # field_to_match: { # required
2253
+ # single_header: {
2254
+ # name: "FieldToMatchData", # required
2255
+ # },
2256
+ # single_query_argument: {
2257
+ # name: "FieldToMatchData", # required
2258
+ # },
2259
+ # all_query_arguments: {
2260
+ # },
2261
+ # uri_path: {
2262
+ # },
2263
+ # query_string: {
2264
+ # },
2265
+ # body: {
2266
+ # },
2267
+ # method: {
2268
+ # },
2269
+ # json_body: {
2270
+ # match_pattern: { # required
2271
+ # all: {
2272
+ # },
2273
+ # included_paths: ["JsonPointerPath"],
2274
+ # },
2275
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
2276
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
2277
+ # },
2278
+ # },
2279
+ # text_transformations: [ # required
2280
+ # {
2281
+ # priority: 1, # required
2282
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
2283
+ # },
2284
+ # ],
2285
+ # },
1993
2286
  # },
1994
2287
  # action: {
1995
2288
  # block: {
@@ -2024,6 +2317,16 @@ module Aws::WAFV2
2024
2317
  # ],
2025
2318
  # },
2026
2319
  # },
2320
+ # captcha: {
2321
+ # custom_request_handling: {
2322
+ # insert_headers: [ # required
2323
+ # {
2324
+ # name: "CustomHTTPHeaderName", # required
2325
+ # value: "CustomHTTPHeaderValue", # required
2326
+ # },
2327
+ # ],
2328
+ # },
2329
+ # },
2027
2330
  # },
2028
2331
  # override_action: {
2029
2332
  # count: {
@@ -2049,6 +2352,11 @@ module Aws::WAFV2
2049
2352
  # cloud_watch_metrics_enabled: false, # required
2050
2353
  # metric_name: "MetricName", # required
2051
2354
  # },
2355
+ # captcha_config: {
2356
+ # immunity_time_property: {
2357
+ # immunity_time: 1, # required
2358
+ # },
2359
+ # },
2052
2360
  # },
2053
2361
  # ],
2054
2362
  # visibility_config: { # required
@@ -2068,6 +2376,11 @@ module Aws::WAFV2
2068
2376
  # content: "ResponseContent", # required
2069
2377
  # },
2070
2378
  # },
2379
+ # captcha_config: {
2380
+ # immunity_time_property: {
2381
+ # immunity_time: 1, # required
2382
+ # },
2383
+ # },
2071
2384
  # }
2072
2385
  #
2073
2386
  # @!attribute [rw] name
@@ -2136,6 +2449,12 @@ module Aws::WAFV2
2136
2449
  # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
2137
2450
  # @return [Hash<String,Types::CustomResponseBody>]
2138
2451
  #
2452
+ # @!attribute [rw] captcha_config
2453
+ # Specifies how WAF should handle `CAPTCHA` evaluations for rules that
2454
+ # don't have their own `CaptchaConfig` settings. If you don't
2455
+ # specify this, WAF uses its default settings for `CaptchaConfig`.
2456
+ # @return [Types::CaptchaConfig]
2457
+ #
2139
2458
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
2140
2459
  #
2141
2460
  class CreateWebACLRequest < Struct.new(
@@ -2146,7 +2465,8 @@ module Aws::WAFV2
2146
2465
  :rules,
2147
2466
  :visibility_config,
2148
2467
  :tags,
2149
- :custom_response_bodies)
2468
+ :custom_response_bodies,
2469
+ :captcha_config)
2150
2470
  SENSITIVE = []
2151
2471
  include Aws::Structure
2152
2472
  end
@@ -2929,10 +3249,11 @@ module Aws::WAFV2
2929
3249
  #
2930
3250
  class DisassociateWebACLResponse < Aws::EmptyStructure; end
2931
3251
 
2932
- # Specifies a single rule to exclude from the rule group. Excluding a
2933
- # rule overrides its action setting for the rule group in the web ACL,
2934
- # setting it to `COUNT`. This effectively excludes the rule from acting
2935
- # on web requests.
3252
+ # Specifies a single rule in a rule group whose action you want to
3253
+ # override to `Count`. When you exclude a rule, WAF evaluates it exactly
3254
+ # as it would if the rule action setting were `Count`. This is a useful
3255
+ # option for testing the rules in a rule group without modifying how
3256
+ # they handle your web traffic.
2936
3257
  #
2937
3258
  # @note When making an API call, you may pass ExcludedRule
2938
3259
  # data as a hash:
@@ -2942,7 +3263,7 @@ module Aws::WAFV2
2942
3263
  # }
2943
3264
  #
2944
3265
  # @!attribute [rw] name
2945
- # The name of the rule to exclude.
3266
+ # The name of the rule whose action you want to override to `Count`.
2946
3267
  # @return [String]
2947
3268
  #
2948
3269
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ExcludedRule AWS API Documentation
@@ -3097,7 +3418,7 @@ module Aws::WAFV2
3097
3418
  # conditions: [ # required
3098
3419
  # {
3099
3420
  # action_condition: {
3100
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
3421
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
3101
3422
  # },
3102
3423
  # label_name_condition: {
3103
3424
  # label_name: "LabelName", # required
@@ -3153,22 +3474,21 @@ module Aws::WAFV2
3153
3474
  # @return [Types::FirewallManagerStatement]
3154
3475
  #
3155
3476
  # @!attribute [rw] override_action
3156
- # The override action to apply to the rules in a rule group. Used only
3157
- # for rule statements that reference a rule group, like
3158
- # `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
3477
+ # The action to use in the place of the action that results from the
3478
+ # rule group evaluation. Set the override action to none to leave the
3479
+ # result of the rule group alone. Set it to count to override the
3480
+ # result to count only.
3159
3481
  #
3160
- # Set the override action to none to leave the rule actions in effect.
3161
- # Set it to count to only count matches, regardless of the rule action
3162
- # settings.
3482
+ # You can only use this for rule statements that reference a rule
3483
+ # group, like `RuleGroupReferenceStatement` and
3484
+ # `ManagedRuleGroupStatement`.
3163
3485
  #
3164
- # In a Rule, you must specify either this `OverrideAction` setting or
3165
- # the rule `Action` setting, but not both:
3486
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
3487
+ # in the rule group are evaluated. If you want the rules in the rule
3488
+ # group to only count matches, do not use this and instead exclude
3489
+ # those rules in your rule group reference statement settings.
3166
3490
  #
3167
- # * If the rule statement references a rule group, use this override
3168
- # action setting and not the action setting.
3169
- #
3170
- # * If the rule statement does not reference a rule group, use the
3171
- # rule action setting and not this rule override action setting.
3491
+ # </note>
3172
3492
  # @return [Types::OverrideAction]
3173
3493
  #
3174
3494
  # @!attribute [rw] visibility_config
@@ -4299,14 +4619,37 @@ module Aws::WAFV2
4299
4619
  include Aws::Structure
4300
4620
  end
4301
4621
 
4302
- # The body of a web request, inspected as JSON. The body immediately
4303
- # follows the request headers. This is used in the FieldToMatch
4304
- # specification.
4622
+ # Determines how long a `CAPTCHA` token remains valid after the client
4623
+ # successfully solves a `CAPTCHA` puzzle.
4305
4624
  #
4306
- # Use the specifications in this object to indicate which parts of the
4307
- # JSON body to inspect using the rule's inspection criteria. WAF
4308
- # inspects only the parts of the JSON that result from the matches that
4309
- # you indicate.
4625
+ # @note When making an API call, you may pass ImmunityTimeProperty
4626
+ # data as a hash:
4627
+ #
4628
+ # {
4629
+ # immunity_time: 1, # required
4630
+ # }
4631
+ #
4632
+ # @!attribute [rw] immunity_time
4633
+ # The amount of time, in seconds, that a `CAPTCHA` token is valid. The
4634
+ # default setting is 300.
4635
+ # @return [Integer]
4636
+ #
4637
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ImmunityTimeProperty AWS API Documentation
4638
+ #
4639
+ class ImmunityTimeProperty < Struct.new(
4640
+ :immunity_time)
4641
+ SENSITIVE = []
4642
+ include Aws::Structure
4643
+ end
4644
+
4645
+ # The body of a web request, inspected as JSON. The body immediately
4646
+ # follows the request headers. This is used in the FieldToMatch
4647
+ # specification.
4648
+ #
4649
+ # Use the specifications in this object to indicate which parts of the
4650
+ # JSON body to inspect using the rule's inspection criteria. WAF
4651
+ # inspects only the parts of the JSON that result from the matches that
4652
+ # you indicate.
4310
4653
  #
4311
4654
  # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
4312
4655
  # "MatchScope": "ALL" \}`
@@ -4779,7 +5122,7 @@ module Aws::WAFV2
4779
5122
  # data as a hash:
4780
5123
  #
4781
5124
  # {
4782
- # scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
5125
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
4783
5126
  # next_marker: "NextMarker",
4784
5127
  # limit: 1,
4785
5128
  # }
@@ -5270,7 +5613,7 @@ module Aws::WAFV2
5270
5613
  # conditions: [ # required
5271
5614
  # {
5272
5615
  # action_condition: {
5273
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
5616
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
5274
5617
  # },
5275
5618
  # label_name_condition: {
5276
5619
  # label_name: "LabelName", # required
@@ -5346,7 +5689,7 @@ module Aws::WAFV2
5346
5689
  # conditions: [ # required
5347
5690
  # {
5348
5691
  # action_condition: {
5349
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
5692
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
5350
5693
  # },
5351
5694
  # label_name_condition: {
5352
5695
  # label_name: "LabelName", # required
@@ -5648,6 +5991,42 @@ module Aws::WAFV2
5648
5991
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5649
5992
  # key: "LabelMatchKey", # required
5650
5993
  # },
5994
+ # regex_match_statement: {
5995
+ # regex_string: "RegexPatternString", # required
5996
+ # field_to_match: { # required
5997
+ # single_header: {
5998
+ # name: "FieldToMatchData", # required
5999
+ # },
6000
+ # single_query_argument: {
6001
+ # name: "FieldToMatchData", # required
6002
+ # },
6003
+ # all_query_arguments: {
6004
+ # },
6005
+ # uri_path: {
6006
+ # },
6007
+ # query_string: {
6008
+ # },
6009
+ # body: {
6010
+ # },
6011
+ # method: {
6012
+ # },
6013
+ # json_body: {
6014
+ # match_pattern: { # required
6015
+ # all: {
6016
+ # },
6017
+ # included_paths: ["JsonPointerPath"],
6018
+ # },
6019
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6020
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6021
+ # },
6022
+ # },
6023
+ # text_transformations: [ # required
6024
+ # {
6025
+ # priority: 1, # required
6026
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6027
+ # },
6028
+ # ],
6029
+ # },
5651
6030
  # },
5652
6031
  # }
5653
6032
  #
@@ -5670,9 +6049,11 @@ module Aws::WAFV2
5670
6049
  # @return [String]
5671
6050
  #
5672
6051
  # @!attribute [rw] excluded_rules
5673
- # The rules whose actions are set to `COUNT` by the web ACL,
5674
- # regardless of the action that is set on the rule. This effectively
5675
- # excludes the rule from acting on web requests.
6052
+ # The rules in the referenced rule group whose actions are set to
6053
+ # `Count`. When you exclude a rule, WAF evaluates it exactly as it
6054
+ # would if the rule action setting were `Count`. This is a useful
6055
+ # option for testing the rules in a rule group without modifying how
6056
+ # they handle your web traffic.
5676
6057
  # @return [Array<Types::ExcludedRule>]
5677
6058
  #
5678
6059
  # @!attribute [rw] scope_down_statement
@@ -5994,9 +6375,9 @@ module Aws::WAFV2
5994
6375
  #
5995
6376
  class Method < Aws::EmptyStructure; end
5996
6377
 
5997
- # Specifies that WAF should do nothing. This is generally used to try
5998
- # out a rule without performing any actions. You set the
5999
- # `OverrideAction` on the Rule.
6378
+ # Specifies that WAF should do nothing. This is used for the
6379
+ # `OverrideAction` setting on a Rule when the rule uses a rule group
6380
+ # reference statement.
6000
6381
  #
6001
6382
  # This is used in the context of other settings, for example to specify
6002
6383
  # values for RuleAction and web ACL DefaultAction.
@@ -6267,6 +6648,42 @@ module Aws::WAFV2
6267
6648
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6268
6649
  # key: "LabelMatchKey", # required
6269
6650
  # },
6651
+ # regex_match_statement: {
6652
+ # regex_string: "RegexPatternString", # required
6653
+ # field_to_match: { # required
6654
+ # single_header: {
6655
+ # name: "FieldToMatchData", # required
6656
+ # },
6657
+ # single_query_argument: {
6658
+ # name: "FieldToMatchData", # required
6659
+ # },
6660
+ # all_query_arguments: {
6661
+ # },
6662
+ # uri_path: {
6663
+ # },
6664
+ # query_string: {
6665
+ # },
6666
+ # body: {
6667
+ # },
6668
+ # method: {
6669
+ # },
6670
+ # json_body: {
6671
+ # match_pattern: { # required
6672
+ # all: {
6673
+ # },
6674
+ # included_paths: ["JsonPointerPath"],
6675
+ # },
6676
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6677
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6678
+ # },
6679
+ # },
6680
+ # text_transformations: [ # required
6681
+ # {
6682
+ # priority: 1, # required
6683
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6684
+ # },
6685
+ # ],
6686
+ # },
6270
6687
  # },
6271
6688
  # }
6272
6689
  #
@@ -6538,6 +6955,42 @@ module Aws::WAFV2
6538
6955
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6539
6956
  # key: "LabelMatchKey", # required
6540
6957
  # },
6958
+ # regex_match_statement: {
6959
+ # regex_string: "RegexPatternString", # required
6960
+ # field_to_match: { # required
6961
+ # single_header: {
6962
+ # name: "FieldToMatchData", # required
6963
+ # },
6964
+ # single_query_argument: {
6965
+ # name: "FieldToMatchData", # required
6966
+ # },
6967
+ # all_query_arguments: {
6968
+ # },
6969
+ # uri_path: {
6970
+ # },
6971
+ # query_string: {
6972
+ # },
6973
+ # body: {
6974
+ # },
6975
+ # method: {
6976
+ # },
6977
+ # json_body: {
6978
+ # match_pattern: { # required
6979
+ # all: {
6980
+ # },
6981
+ # included_paths: ["JsonPointerPath"],
6982
+ # },
6983
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6984
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6985
+ # },
6986
+ # },
6987
+ # text_transformations: [ # required
6988
+ # {
6989
+ # priority: 1, # required
6990
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6991
+ # },
6992
+ # ],
6993
+ # },
6541
6994
  # },
6542
6995
  # ],
6543
6996
  # }
@@ -6555,22 +7008,20 @@ module Aws::WAFV2
6555
7008
  include Aws::Structure
6556
7009
  end
6557
7010
 
6558
- # The override action to apply to the rules in a rule group. Used only
6559
- # for rule statements that reference a rule group, like
6560
- # `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
6561
- #
6562
- # Set the override action to none to leave the rule actions in effect.
6563
- # Set it to count to only count matches, regardless of the rule action
6564
- # settings.
7011
+ # The action to use in the place of the action that results from the
7012
+ # rule group evaluation. Set the override action to none to leave the
7013
+ # result of the rule group alone. Set it to count to override the result
7014
+ # to count only.
6565
7015
  #
6566
- # In a Rule, you must specify either this `OverrideAction` setting or
6567
- # the rule `Action` setting, but not both:
7016
+ # You can only use this for rule statements that reference a rule group,
7017
+ # like `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
6568
7018
  #
6569
- # * If the rule statement references a rule group, use this override
6570
- # action setting and not the action setting.
7019
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
7020
+ # in the rule group are evaluated. If you want the rules in the rule
7021
+ # group to only count matches, do not use this and instead exclude those
7022
+ # rules in your rule group reference statement settings.
6571
7023
  #
6572
- # * If the rule statement does not reference a rule group, use the rule
6573
- # action setting and not this rule override action setting.
7024
+ # </note>
6574
7025
  #
6575
7026
  # @note When making an API call, you may pass OverrideAction
6576
7027
  # data as a hash:
@@ -6591,11 +7042,19 @@ module Aws::WAFV2
6591
7042
  # }
6592
7043
  #
6593
7044
  # @!attribute [rw] count
6594
- # Override the rule action setting to count.
7045
+ # Override the rule group evaluation result to count only.
7046
+ #
7047
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
7048
+ # in the rule group are evaluated. If you want the rules in the rule
7049
+ # group to only count matches, do not use this and instead exclude
7050
+ # those rules in your rule group reference statement settings.
7051
+ #
7052
+ # </note>
6595
7053
  # @return [Types::CountAction]
6596
7054
  #
6597
7055
  # @!attribute [rw] none
6598
- # Don't override the rule action setting.
7056
+ # Don't override the rule group evaluation result. This is the most
7057
+ # common setting.
6599
7058
  # @return [Types::NoneAction]
6600
7059
  #
6601
7060
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/OverrideAction AWS API Documentation
@@ -6652,7 +7111,7 @@ module Aws::WAFV2
6652
7111
  # conditions: [ # required
6653
7112
  # {
6654
7113
  # action_condition: {
6655
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
7114
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
6656
7115
  # },
6657
7116
  # label_name_condition: {
6658
7117
  # label_name: "LabelName", # required
@@ -7154,6 +7613,42 @@ module Aws::WAFV2
7154
7613
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7155
7614
  # key: "LabelMatchKey", # required
7156
7615
  # },
7616
+ # regex_match_statement: {
7617
+ # regex_string: "RegexPatternString", # required
7618
+ # field_to_match: { # required
7619
+ # single_header: {
7620
+ # name: "FieldToMatchData", # required
7621
+ # },
7622
+ # single_query_argument: {
7623
+ # name: "FieldToMatchData", # required
7624
+ # },
7625
+ # all_query_arguments: {
7626
+ # },
7627
+ # uri_path: {
7628
+ # },
7629
+ # query_string: {
7630
+ # },
7631
+ # body: {
7632
+ # },
7633
+ # method: {
7634
+ # },
7635
+ # json_body: {
7636
+ # match_pattern: { # required
7637
+ # all: {
7638
+ # },
7639
+ # included_paths: ["JsonPointerPath"],
7640
+ # },
7641
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7642
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7643
+ # },
7644
+ # },
7645
+ # text_transformations: [ # required
7646
+ # {
7647
+ # priority: 1, # required
7648
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7649
+ # },
7650
+ # ],
7651
+ # },
7157
7652
  # },
7158
7653
  # forwarded_ip_config: {
7159
7654
  # header_name: "ForwardedIPHeaderName", # required
@@ -7254,6 +7749,77 @@ module Aws::WAFV2
7254
7749
  include Aws::Structure
7255
7750
  end
7256
7751
 
7752
+ # A rule statement used to search web request components for a match
7753
+ # against a single regular expression.
7754
+ #
7755
+ # @note When making an API call, you may pass RegexMatchStatement
7756
+ # data as a hash:
7757
+ #
7758
+ # {
7759
+ # regex_string: "RegexPatternString", # required
7760
+ # field_to_match: { # required
7761
+ # single_header: {
7762
+ # name: "FieldToMatchData", # required
7763
+ # },
7764
+ # single_query_argument: {
7765
+ # name: "FieldToMatchData", # required
7766
+ # },
7767
+ # all_query_arguments: {
7768
+ # },
7769
+ # uri_path: {
7770
+ # },
7771
+ # query_string: {
7772
+ # },
7773
+ # body: {
7774
+ # },
7775
+ # method: {
7776
+ # },
7777
+ # json_body: {
7778
+ # match_pattern: { # required
7779
+ # all: {
7780
+ # },
7781
+ # included_paths: ["JsonPointerPath"],
7782
+ # },
7783
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7784
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7785
+ # },
7786
+ # },
7787
+ # text_transformations: [ # required
7788
+ # {
7789
+ # priority: 1, # required
7790
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7791
+ # },
7792
+ # ],
7793
+ # }
7794
+ #
7795
+ # @!attribute [rw] regex_string
7796
+ # The string representing the regular expression.
7797
+ # @return [String]
7798
+ #
7799
+ # @!attribute [rw] field_to_match
7800
+ # The part of a web request that you want WAF to inspect. For more
7801
+ # information, see FieldToMatch.
7802
+ # @return [Types::FieldToMatch]
7803
+ #
7804
+ # @!attribute [rw] text_transformations
7805
+ # Text transformations eliminate some of the unusual formatting that
7806
+ # attackers use in web requests in an effort to bypass detection. If
7807
+ # you specify one or more transformations in a rule statement, WAF
7808
+ # performs all transformations on the content of the request component
7809
+ # identified by `FieldToMatch`, starting from the lowest priority
7810
+ # setting, before inspecting the content for a match.
7811
+ # @return [Array<Types::TextTransformation>]
7812
+ #
7813
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
7814
+ #
7815
+ class RegexMatchStatement < Struct.new(
7816
+ :regex_string,
7817
+ :field_to_match,
7818
+ :text_transformations)
7819
+ SENSITIVE = []
7820
+ include Aws::Structure
7821
+ end
7822
+
7257
7823
  # Contains one or more regular expressions.
7258
7824
  #
7259
7825
  # WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
@@ -7687,36 +8253,82 @@ module Aws::WAFV2
7687
8253
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7688
8254
  # key: "LabelMatchKey", # required
7689
8255
  # },
7690
- # },
7691
- # action: {
7692
- # block: {
7693
- # custom_response: {
7694
- # response_code: 1, # required
7695
- # custom_response_body_key: "EntityName",
7696
- # response_headers: [
7697
- # {
7698
- # name: "CustomHTTPHeaderName", # required
7699
- # value: "CustomHTTPHeaderValue", # required
7700
- # },
7701
- # ],
7702
- # },
7703
- # },
7704
- # allow: {
7705
- # custom_request_handling: {
7706
- # insert_headers: [ # required
7707
- # {
7708
- # name: "CustomHTTPHeaderName", # required
7709
- # value: "CustomHTTPHeaderValue", # required
7710
- # },
7711
- # ],
7712
- # },
7713
- # },
7714
- # count: {
7715
- # custom_request_handling: {
7716
- # insert_headers: [ # required
7717
- # {
7718
- # name: "CustomHTTPHeaderName", # required
7719
- # value: "CustomHTTPHeaderValue", # required
8256
+ # regex_match_statement: {
8257
+ # regex_string: "RegexPatternString", # required
8258
+ # field_to_match: { # required
8259
+ # single_header: {
8260
+ # name: "FieldToMatchData", # required
8261
+ # },
8262
+ # single_query_argument: {
8263
+ # name: "FieldToMatchData", # required
8264
+ # },
8265
+ # all_query_arguments: {
8266
+ # },
8267
+ # uri_path: {
8268
+ # },
8269
+ # query_string: {
8270
+ # },
8271
+ # body: {
8272
+ # },
8273
+ # method: {
8274
+ # },
8275
+ # json_body: {
8276
+ # match_pattern: { # required
8277
+ # all: {
8278
+ # },
8279
+ # included_paths: ["JsonPointerPath"],
8280
+ # },
8281
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
8282
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
8283
+ # },
8284
+ # },
8285
+ # text_transformations: [ # required
8286
+ # {
8287
+ # priority: 1, # required
8288
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
8289
+ # },
8290
+ # ],
8291
+ # },
8292
+ # },
8293
+ # action: {
8294
+ # block: {
8295
+ # custom_response: {
8296
+ # response_code: 1, # required
8297
+ # custom_response_body_key: "EntityName",
8298
+ # response_headers: [
8299
+ # {
8300
+ # name: "CustomHTTPHeaderName", # required
8301
+ # value: "CustomHTTPHeaderValue", # required
8302
+ # },
8303
+ # ],
8304
+ # },
8305
+ # },
8306
+ # allow: {
8307
+ # custom_request_handling: {
8308
+ # insert_headers: [ # required
8309
+ # {
8310
+ # name: "CustomHTTPHeaderName", # required
8311
+ # value: "CustomHTTPHeaderValue", # required
8312
+ # },
8313
+ # ],
8314
+ # },
8315
+ # },
8316
+ # count: {
8317
+ # custom_request_handling: {
8318
+ # insert_headers: [ # required
8319
+ # {
8320
+ # name: "CustomHTTPHeaderName", # required
8321
+ # value: "CustomHTTPHeaderValue", # required
8322
+ # },
8323
+ # ],
8324
+ # },
8325
+ # },
8326
+ # captcha: {
8327
+ # custom_request_handling: {
8328
+ # insert_headers: [ # required
8329
+ # {
8330
+ # name: "CustomHTTPHeaderName", # required
8331
+ # value: "CustomHTTPHeaderValue", # required
7720
8332
  # },
7721
8333
  # ],
7722
8334
  # },
@@ -7746,6 +8358,11 @@ module Aws::WAFV2
7746
8358
  # cloud_watch_metrics_enabled: false, # required
7747
8359
  # metric_name: "MetricName", # required
7748
8360
  # },
8361
+ # captcha_config: {
8362
+ # immunity_time_property: {
8363
+ # immunity_time: 1, # required
8364
+ # },
8365
+ # },
7749
8366
  # }
7750
8367
  #
7751
8368
  # @!attribute [rw] name
@@ -7786,22 +8403,21 @@ module Aws::WAFV2
7786
8403
  # @return [Types::RuleAction]
7787
8404
  #
7788
8405
  # @!attribute [rw] override_action
7789
- # The override action to apply to the rules in a rule group. Used only
7790
- # for rule statements that reference a rule group, like
7791
- # `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
7792
- #
7793
- # Set the override action to none to leave the rule actions in effect.
7794
- # Set it to count to only count matches, regardless of the rule action
7795
- # settings.
8406
+ # The action to use in the place of the action that results from the
8407
+ # rule group evaluation. Set the override action to none to leave the
8408
+ # result of the rule group alone. Set it to count to override the
8409
+ # result to count only.
7796
8410
  #
7797
- # In a Rule, you must specify either this `OverrideAction` setting or
7798
- # the rule `Action` setting, but not both:
8411
+ # You can only use this for rule statements that reference a rule
8412
+ # group, like `RuleGroupReferenceStatement` and
8413
+ # `ManagedRuleGroupStatement`.
7799
8414
  #
7800
- # * If the rule statement references a rule group, use this override
7801
- # action setting and not the action setting.
8415
+ # <note markdown="1"> This option is usually set to none. It does not affect how the rules
8416
+ # in the rule group are evaluated. If you want the rules in the rule
8417
+ # group to only count matches, do not use this and instead exclude
8418
+ # those rules in your rule group reference statement settings.
7802
8419
  #
7803
- # * If the rule statement does not reference a rule group, use the
7804
- # rule action setting and not this rule override action setting.
8420
+ # </note>
7805
8421
  # @return [Types::OverrideAction]
7806
8422
  #
7807
8423
  # @!attribute [rw] rule_labels
@@ -7835,6 +8451,12 @@ module Aws::WAFV2
7835
8451
  # collection.
7836
8452
  # @return [Types::VisibilityConfig]
7837
8453
  #
8454
+ # @!attribute [rw] captcha_config
8455
+ # Specifies how WAF should handle `CAPTCHA` evaluations. If you don't
8456
+ # specify this, WAF uses the `CAPTCHA` configuration that's defined
8457
+ # for the web ACL.
8458
+ # @return [Types::CaptchaConfig]
8459
+ #
7838
8460
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation
7839
8461
  #
7840
8462
  class Rule < Struct.new(
@@ -7844,7 +8466,8 @@ module Aws::WAFV2
7844
8466
  :action,
7845
8467
  :override_action,
7846
8468
  :rule_labels,
7847
- :visibility_config)
8469
+ :visibility_config,
8470
+ :captcha_config)
7848
8471
  SENSITIVE = []
7849
8472
  include Aws::Structure
7850
8473
  end
@@ -7889,6 +8512,16 @@ module Aws::WAFV2
7889
8512
  # ],
7890
8513
  # },
7891
8514
  # },
8515
+ # captcha: {
8516
+ # custom_request_handling: {
8517
+ # insert_headers: [ # required
8518
+ # {
8519
+ # name: "CustomHTTPHeaderName", # required
8520
+ # value: "CustomHTTPHeaderValue", # required
8521
+ # },
8522
+ # ],
8523
+ # },
8524
+ # },
7892
8525
  # }
7893
8526
  #
7894
8527
  # @!attribute [rw] block
@@ -7903,12 +8536,17 @@ module Aws::WAFV2
7903
8536
  # Instructs WAF to count the web request and allow it.
7904
8537
  # @return [Types::CountAction]
7905
8538
  #
8539
+ # @!attribute [rw] captcha
8540
+ # Instructs WAF to run a `CAPTCHA` check against the web request.
8541
+ # @return [Types::CaptchaAction]
8542
+ #
7906
8543
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
7907
8544
  #
7908
8545
  class RuleAction < Struct.new(
7909
8546
  :block,
7910
8547
  :allow,
7911
- :count)
8548
+ :count,
8549
+ :captcha)
7912
8550
  SENSITIVE = []
7913
8551
  include Aws::Structure
7914
8552
  end
@@ -8062,8 +8700,11 @@ module Aws::WAFV2
8062
8700
  # @return [String]
8063
8701
  #
8064
8702
  # @!attribute [rw] excluded_rules
8065
- # The names of rules that are in the referenced rule group, but that
8066
- # you want WAF to exclude from processing for this rule statement.
8703
+ # The rules in the referenced rule group whose actions are set to
8704
+ # `Count`. When you exclude a rule, WAF evaluates it exactly as it
8705
+ # would if the rule action setting were `Count`. This is a useful
8706
+ # option for testing the rules in a rule group without modifying how
8707
+ # they handle your web traffic.
8067
8708
  # @return [Array<Types::ExcludedRule>]
8068
8709
  #
8069
8710
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
@@ -8172,8 +8813,8 @@ module Aws::WAFV2
8172
8813
  # @return [Time]
8173
8814
  #
8174
8815
  # @!attribute [rw] action
8175
- # The action for the `Rule` that the request matched: `ALLOW`,
8176
- # `BLOCK`, or `COUNT`.
8816
+ # The action for the `Rule` that the request matched: `Allow`,
8817
+ # `Block`, or `Count`.
8177
8818
  # @return [String]
8178
8819
  #
8179
8820
  # @!attribute [rw] rule_name_within_rule_group
@@ -8204,6 +8845,10 @@ module Aws::WAFV2
8204
8845
  # or `awswaf:managed:aws:managed-rule-set:header:encoding:utf8`.
8205
8846
  # @return [Array<Types::Label>]
8206
8847
  #
8848
+ # @!attribute [rw] captcha_response
8849
+ # The `CAPTCHA` response for the request.
8850
+ # @return [Types::CaptchaResponse]
8851
+ #
8207
8852
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
8208
8853
  #
8209
8854
  class SampledHTTPRequest < Struct.new(
@@ -8214,7 +8859,8 @@ module Aws::WAFV2
8214
8859
  :rule_name_within_rule_group,
8215
8860
  :request_headers_inserted,
8216
8861
  :response_code_sent,
8217
- :labels)
8862
+ :labels,
8863
+ :captcha_response)
8218
8864
  SENSITIVE = []
8219
8865
  include Aws::Structure
8220
8866
  end
@@ -8887,6 +9533,42 @@ module Aws::WAFV2
8887
9533
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8888
9534
  # key: "LabelMatchKey", # required
8889
9535
  # },
9536
+ # regex_match_statement: {
9537
+ # regex_string: "RegexPatternString", # required
9538
+ # field_to_match: { # required
9539
+ # single_header: {
9540
+ # name: "FieldToMatchData", # required
9541
+ # },
9542
+ # single_query_argument: {
9543
+ # name: "FieldToMatchData", # required
9544
+ # },
9545
+ # all_query_arguments: {
9546
+ # },
9547
+ # uri_path: {
9548
+ # },
9549
+ # query_string: {
9550
+ # },
9551
+ # body: {
9552
+ # },
9553
+ # method: {
9554
+ # },
9555
+ # json_body: {
9556
+ # match_pattern: { # required
9557
+ # all: {
9558
+ # },
9559
+ # included_paths: ["JsonPointerPath"],
9560
+ # },
9561
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9562
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9563
+ # },
9564
+ # },
9565
+ # text_transformations: [ # required
9566
+ # {
9567
+ # priority: 1, # required
9568
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9569
+ # },
9570
+ # ],
9571
+ # },
8890
9572
  # },
8891
9573
  # forwarded_ip_config: {
8892
9574
  # header_name: "ForwardedIPHeaderName", # required
@@ -9140,6 +9822,42 @@ module Aws::WAFV2
9140
9822
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9141
9823
  # key: "LabelMatchKey", # required
9142
9824
  # },
9825
+ # regex_match_statement: {
9826
+ # regex_string: "RegexPatternString", # required
9827
+ # field_to_match: { # required
9828
+ # single_header: {
9829
+ # name: "FieldToMatchData", # required
9830
+ # },
9831
+ # single_query_argument: {
9832
+ # name: "FieldToMatchData", # required
9833
+ # },
9834
+ # all_query_arguments: {
9835
+ # },
9836
+ # uri_path: {
9837
+ # },
9838
+ # query_string: {
9839
+ # },
9840
+ # body: {
9841
+ # },
9842
+ # method: {
9843
+ # },
9844
+ # json_body: {
9845
+ # match_pattern: { # required
9846
+ # all: {
9847
+ # },
9848
+ # included_paths: ["JsonPointerPath"],
9849
+ # },
9850
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9851
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9852
+ # },
9853
+ # },
9854
+ # text_transformations: [ # required
9855
+ # {
9856
+ # priority: 1, # required
9857
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9858
+ # },
9859
+ # ],
9860
+ # },
9143
9861
  # },
9144
9862
  # ],
9145
9863
  # },
@@ -9390,6 +10108,42 @@ module Aws::WAFV2
9390
10108
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9391
10109
  # key: "LabelMatchKey", # required
9392
10110
  # },
10111
+ # regex_match_statement: {
10112
+ # regex_string: "RegexPatternString", # required
10113
+ # field_to_match: { # required
10114
+ # single_header: {
10115
+ # name: "FieldToMatchData", # required
10116
+ # },
10117
+ # single_query_argument: {
10118
+ # name: "FieldToMatchData", # required
10119
+ # },
10120
+ # all_query_arguments: {
10121
+ # },
10122
+ # uri_path: {
10123
+ # },
10124
+ # query_string: {
10125
+ # },
10126
+ # body: {
10127
+ # },
10128
+ # method: {
10129
+ # },
10130
+ # json_body: {
10131
+ # match_pattern: { # required
10132
+ # all: {
10133
+ # },
10134
+ # included_paths: ["JsonPointerPath"],
10135
+ # },
10136
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10137
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10138
+ # },
10139
+ # },
10140
+ # text_transformations: [ # required
10141
+ # {
10142
+ # priority: 1, # required
10143
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10144
+ # },
10145
+ # ],
10146
+ # },
9393
10147
  # },
9394
10148
  # ],
9395
10149
  # },
@@ -9643,6 +10397,42 @@ module Aws::WAFV2
9643
10397
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9644
10398
  # key: "LabelMatchKey", # required
9645
10399
  # },
10400
+ # regex_match_statement: {
10401
+ # regex_string: "RegexPatternString", # required
10402
+ # field_to_match: { # required
10403
+ # single_header: {
10404
+ # name: "FieldToMatchData", # required
10405
+ # },
10406
+ # single_query_argument: {
10407
+ # name: "FieldToMatchData", # required
10408
+ # },
10409
+ # all_query_arguments: {
10410
+ # },
10411
+ # uri_path: {
10412
+ # },
10413
+ # query_string: {
10414
+ # },
10415
+ # body: {
10416
+ # },
10417
+ # method: {
10418
+ # },
10419
+ # json_body: {
10420
+ # match_pattern: { # required
10421
+ # all: {
10422
+ # },
10423
+ # included_paths: ["JsonPointerPath"],
10424
+ # },
10425
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10426
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10427
+ # },
10428
+ # },
10429
+ # text_transformations: [ # required
10430
+ # {
10431
+ # priority: 1, # required
10432
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10433
+ # },
10434
+ # ],
10435
+ # },
9646
10436
  # },
9647
10437
  # },
9648
10438
  # managed_rule_group_statement: {
@@ -9895,12 +10685,84 @@ module Aws::WAFV2
9895
10685
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9896
10686
  # key: "LabelMatchKey", # required
9897
10687
  # },
10688
+ # regex_match_statement: {
10689
+ # regex_string: "RegexPatternString", # required
10690
+ # field_to_match: { # required
10691
+ # single_header: {
10692
+ # name: "FieldToMatchData", # required
10693
+ # },
10694
+ # single_query_argument: {
10695
+ # name: "FieldToMatchData", # required
10696
+ # },
10697
+ # all_query_arguments: {
10698
+ # },
10699
+ # uri_path: {
10700
+ # },
10701
+ # query_string: {
10702
+ # },
10703
+ # body: {
10704
+ # },
10705
+ # method: {
10706
+ # },
10707
+ # json_body: {
10708
+ # match_pattern: { # required
10709
+ # all: {
10710
+ # },
10711
+ # included_paths: ["JsonPointerPath"],
10712
+ # },
10713
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10714
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10715
+ # },
10716
+ # },
10717
+ # text_transformations: [ # required
10718
+ # {
10719
+ # priority: 1, # required
10720
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10721
+ # },
10722
+ # ],
10723
+ # },
9898
10724
  # },
9899
10725
  # },
9900
10726
  # label_match_statement: {
9901
10727
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9902
10728
  # key: "LabelMatchKey", # required
9903
10729
  # },
10730
+ # regex_match_statement: {
10731
+ # regex_string: "RegexPatternString", # required
10732
+ # field_to_match: { # required
10733
+ # single_header: {
10734
+ # name: "FieldToMatchData", # required
10735
+ # },
10736
+ # single_query_argument: {
10737
+ # name: "FieldToMatchData", # required
10738
+ # },
10739
+ # all_query_arguments: {
10740
+ # },
10741
+ # uri_path: {
10742
+ # },
10743
+ # query_string: {
10744
+ # },
10745
+ # body: {
10746
+ # },
10747
+ # method: {
10748
+ # },
10749
+ # json_body: {
10750
+ # match_pattern: { # required
10751
+ # all: {
10752
+ # },
10753
+ # included_paths: ["JsonPointerPath"],
10754
+ # },
10755
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10756
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10757
+ # },
10758
+ # },
10759
+ # text_transformations: [ # required
10760
+ # {
10761
+ # priority: 1, # required
10762
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10763
+ # },
10764
+ # ],
10765
+ # },
9904
10766
  # }
9905
10767
  #
9906
10768
  # @!attribute [rw] byte_match_statement
@@ -10082,6 +10944,11 @@ module Aws::WAFV2
10082
10944
  # that were added in the same context as the label match statement.
10083
10945
  # @return [Types::LabelMatchStatement]
10084
10946
  #
10947
+ # @!attribute [rw] regex_match_statement
10948
+ # A rule statement used to search web request components for a match
10949
+ # against a single regular expression.
10950
+ # @return [Types::RegexMatchStatement]
10951
+ #
10085
10952
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
10086
10953
  #
10087
10954
  class Statement < Struct.new(
@@ -10098,7 +10965,8 @@ module Aws::WAFV2
10098
10965
  :or_statement,
10099
10966
  :not_statement,
10100
10967
  :managed_rule_group_statement,
10101
- :label_match_statement)
10968
+ :label_match_statement,
10969
+ :regex_match_statement)
10102
10970
  SENSITIVE = []
10103
10971
  include Aws::Structure
10104
10972
  end
@@ -11024,6 +11892,42 @@ module Aws::WAFV2
11024
11892
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
11025
11893
  # key: "LabelMatchKey", # required
11026
11894
  # },
11895
+ # regex_match_statement: {
11896
+ # regex_string: "RegexPatternString", # required
11897
+ # field_to_match: { # required
11898
+ # single_header: {
11899
+ # name: "FieldToMatchData", # required
11900
+ # },
11901
+ # single_query_argument: {
11902
+ # name: "FieldToMatchData", # required
11903
+ # },
11904
+ # all_query_arguments: {
11905
+ # },
11906
+ # uri_path: {
11907
+ # },
11908
+ # query_string: {
11909
+ # },
11910
+ # body: {
11911
+ # },
11912
+ # method: {
11913
+ # },
11914
+ # json_body: {
11915
+ # match_pattern: { # required
11916
+ # all: {
11917
+ # },
11918
+ # included_paths: ["JsonPointerPath"],
11919
+ # },
11920
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
11921
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
11922
+ # },
11923
+ # },
11924
+ # text_transformations: [ # required
11925
+ # {
11926
+ # priority: 1, # required
11927
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
11928
+ # },
11929
+ # ],
11930
+ # },
11027
11931
  # },
11028
11932
  # action: {
11029
11933
  # block: {
@@ -11058,6 +11962,16 @@ module Aws::WAFV2
11058
11962
  # ],
11059
11963
  # },
11060
11964
  # },
11965
+ # captcha: {
11966
+ # custom_request_handling: {
11967
+ # insert_headers: [ # required
11968
+ # {
11969
+ # name: "CustomHTTPHeaderName", # required
11970
+ # value: "CustomHTTPHeaderValue", # required
11971
+ # },
11972
+ # ],
11973
+ # },
11974
+ # },
11061
11975
  # },
11062
11976
  # override_action: {
11063
11977
  # count: {
@@ -11083,6 +11997,11 @@ module Aws::WAFV2
11083
11997
  # cloud_watch_metrics_enabled: false, # required
11084
11998
  # metric_name: "MetricName", # required
11085
11999
  # },
12000
+ # captcha_config: {
12001
+ # immunity_time_property: {
12002
+ # immunity_time: 1, # required
12003
+ # },
12004
+ # },
11086
12005
  # },
11087
12006
  # ],
11088
12007
  # visibility_config: { # required
@@ -11490,6 +12409,42 @@ module Aws::WAFV2
11490
12409
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
11491
12410
  # key: "LabelMatchKey", # required
11492
12411
  # },
12412
+ # regex_match_statement: {
12413
+ # regex_string: "RegexPatternString", # required
12414
+ # field_to_match: { # required
12415
+ # single_header: {
12416
+ # name: "FieldToMatchData", # required
12417
+ # },
12418
+ # single_query_argument: {
12419
+ # name: "FieldToMatchData", # required
12420
+ # },
12421
+ # all_query_arguments: {
12422
+ # },
12423
+ # uri_path: {
12424
+ # },
12425
+ # query_string: {
12426
+ # },
12427
+ # body: {
12428
+ # },
12429
+ # method: {
12430
+ # },
12431
+ # json_body: {
12432
+ # match_pattern: { # required
12433
+ # all: {
12434
+ # },
12435
+ # included_paths: ["JsonPointerPath"],
12436
+ # },
12437
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
12438
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
12439
+ # },
12440
+ # },
12441
+ # text_transformations: [ # required
12442
+ # {
12443
+ # priority: 1, # required
12444
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
12445
+ # },
12446
+ # ],
12447
+ # },
11493
12448
  # },
11494
12449
  # action: {
11495
12450
  # block: {
@@ -11524,6 +12479,16 @@ module Aws::WAFV2
11524
12479
  # ],
11525
12480
  # },
11526
12481
  # },
12482
+ # captcha: {
12483
+ # custom_request_handling: {
12484
+ # insert_headers: [ # required
12485
+ # {
12486
+ # name: "CustomHTTPHeaderName", # required
12487
+ # value: "CustomHTTPHeaderValue", # required
12488
+ # },
12489
+ # ],
12490
+ # },
12491
+ # },
11527
12492
  # },
11528
12493
  # override_action: {
11529
12494
  # count: {
@@ -11549,6 +12514,11 @@ module Aws::WAFV2
11549
12514
  # cloud_watch_metrics_enabled: false, # required
11550
12515
  # metric_name: "MetricName", # required
11551
12516
  # },
12517
+ # captcha_config: {
12518
+ # immunity_time_property: {
12519
+ # immunity_time: 1, # required
12520
+ # },
12521
+ # },
11552
12522
  # },
11553
12523
  # ],
11554
12524
  # visibility_config: { # required
@@ -11563,6 +12533,11 @@ module Aws::WAFV2
11563
12533
  # content: "ResponseContent", # required
11564
12534
  # },
11565
12535
  # },
12536
+ # captcha_config: {
12537
+ # immunity_time_property: {
12538
+ # immunity_time: 1, # required
12539
+ # },
12540
+ # },
11566
12541
  # }
11567
12542
  #
11568
12543
  # @!attribute [rw] name
@@ -11645,6 +12620,12 @@ module Aws::WAFV2
11645
12620
  # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
11646
12621
  # @return [Hash<String,Types::CustomResponseBody>]
11647
12622
  #
12623
+ # @!attribute [rw] captcha_config
12624
+ # Specifies how WAF should handle `CAPTCHA` evaluations for rules that
12625
+ # don't have their own `CaptchaConfig` settings. If you don't
12626
+ # specify this, WAF uses its default settings for `CaptchaConfig`.
12627
+ # @return [Types::CaptchaConfig]
12628
+ #
11648
12629
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
11649
12630
  #
11650
12631
  class UpdateWebACLRequest < Struct.new(
@@ -11656,7 +12637,8 @@ module Aws::WAFV2
11656
12637
  :rules,
11657
12638
  :visibility_config,
11658
12639
  :lock_token,
11659
- :custom_response_bodies)
12640
+ :custom_response_bodies,
12641
+ :captcha_config)
11660
12642
  SENSITIVE = []
11661
12643
  include Aws::Structure
11662
12644
  end
@@ -12196,6 +13178,12 @@ module Aws::WAFV2
12196
13178
  # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
12197
13179
  # @return [Hash<String,Types::CustomResponseBody>]
12198
13180
  #
13181
+ # @!attribute [rw] captcha_config
13182
+ # Specifies how WAF should handle `CAPTCHA` evaluations for rules that
13183
+ # don't have their own `CaptchaConfig` settings. If you don't
13184
+ # specify this, WAF uses its default settings for `CaptchaConfig`.
13185
+ # @return [Types::CaptchaConfig]
13186
+ #
12199
13187
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
12200
13188
  #
12201
13189
  class WebACL < Struct.new(
@@ -12211,7 +13199,8 @@ module Aws::WAFV2
12211
13199
  :post_process_firewall_manager_rule_groups,
12212
13200
  :managed_by_firewall_manager,
12213
13201
  :label_namespace,
12214
- :custom_response_bodies)
13202
+ :custom_response_bodies,
13203
+ :captcha_config)
12215
13204
  SENSITIVE = []
12216
13205
  include Aws::Structure
12217
13206
  end