aws-sdk-wafv2 1.29.0 → 1.33.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +147 -27
- data/lib/aws-sdk-wafv2/client_api.rb +34 -1
- data/lib/aws-sdk-wafv2/errors.rb +16 -0
- data/lib/aws-sdk-wafv2/types.rb +402 -76
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +4 -4
data/lib/aws-sdk-wafv2/types.rb
CHANGED
|
@@ -16,7 +16,7 @@ module Aws::WAFV2
|
|
|
16
16
|
# data as a hash:
|
|
17
17
|
#
|
|
18
18
|
# {
|
|
19
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
19
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
20
20
|
# }
|
|
21
21
|
#
|
|
22
22
|
# @!attribute [rw] action
|
|
@@ -660,6 +660,125 @@ module Aws::WAFV2
|
|
|
660
660
|
include Aws::Structure
|
|
661
661
|
end
|
|
662
662
|
|
|
663
|
+
# Specifies that WAF should run a `CAPTCHA` check against the request:
|
|
664
|
+
#
|
|
665
|
+
# * If the request includes a valid, unexpired `CAPTCHA` token, WAF
|
|
666
|
+
# allows the web request inspection to proceed to the next rule,
|
|
667
|
+
# similar to a `CountAction`.
|
|
668
|
+
#
|
|
669
|
+
# * If the request doesn't include a valid, unexpired `CAPTCHA` token,
|
|
670
|
+
# WAF discontinues the web ACL evaluation of the request and blocks it
|
|
671
|
+
# from going to its intended destination.
|
|
672
|
+
#
|
|
673
|
+
# WAF generates a response that it sends back to the client, which
|
|
674
|
+
# includes the following:
|
|
675
|
+
#
|
|
676
|
+
# * The header `x-amzn-waf-action` with a value of `captcha`.
|
|
677
|
+
#
|
|
678
|
+
# * The HTTP status code `405 Method Not Allowed`.
|
|
679
|
+
#
|
|
680
|
+
# * If the request contains an `Accept` header with a value of
|
|
681
|
+
# `text/html`, the response includes a `CAPTCHA` challenge.
|
|
682
|
+
#
|
|
683
|
+
# You can configure the expiration time in the `CaptchaConfig`
|
|
684
|
+
# `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
|
|
685
|
+
# setting overrides the web ACL setting.
|
|
686
|
+
#
|
|
687
|
+
# This action option is available for rules. It isn't available for web
|
|
688
|
+
# ACL default actions.
|
|
689
|
+
#
|
|
690
|
+
# This is used in the context of other settings, for example to specify
|
|
691
|
+
# values for RuleAction and web ACL DefaultAction.
|
|
692
|
+
#
|
|
693
|
+
# @note When making an API call, you may pass CaptchaAction
|
|
694
|
+
# data as a hash:
|
|
695
|
+
#
|
|
696
|
+
# {
|
|
697
|
+
# custom_request_handling: {
|
|
698
|
+
# insert_headers: [ # required
|
|
699
|
+
# {
|
|
700
|
+
# name: "CustomHTTPHeaderName", # required
|
|
701
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
702
|
+
# },
|
|
703
|
+
# ],
|
|
704
|
+
# },
|
|
705
|
+
# }
|
|
706
|
+
#
|
|
707
|
+
# @!attribute [rw] custom_request_handling
|
|
708
|
+
# Defines custom handling for the web request.
|
|
709
|
+
#
|
|
710
|
+
# For information about customizing web requests and responses, see
|
|
711
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
|
712
|
+
# Developer Guide][2].
|
|
713
|
+
#
|
|
714
|
+
#
|
|
715
|
+
#
|
|
716
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
|
717
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
|
718
|
+
# @return [Types::CustomRequestHandling]
|
|
719
|
+
#
|
|
720
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
|
|
721
|
+
#
|
|
722
|
+
class CaptchaAction < Struct.new(
|
|
723
|
+
:custom_request_handling)
|
|
724
|
+
SENSITIVE = []
|
|
725
|
+
include Aws::Structure
|
|
726
|
+
end
|
|
727
|
+
|
|
728
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations. This is
|
|
729
|
+
# available at the web ACL level and in each rule.
|
|
730
|
+
#
|
|
731
|
+
# @note When making an API call, you may pass CaptchaConfig
|
|
732
|
+
# data as a hash:
|
|
733
|
+
#
|
|
734
|
+
# {
|
|
735
|
+
# immunity_time_property: {
|
|
736
|
+
# immunity_time: 1, # required
|
|
737
|
+
# },
|
|
738
|
+
# }
|
|
739
|
+
#
|
|
740
|
+
# @!attribute [rw] immunity_time_property
|
|
741
|
+
# Determines how long a `CAPTCHA` token remains valid after the client
|
|
742
|
+
# successfully solves a `CAPTCHA` puzzle.
|
|
743
|
+
# @return [Types::ImmunityTimeProperty]
|
|
744
|
+
#
|
|
745
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation
|
|
746
|
+
#
|
|
747
|
+
class CaptchaConfig < Struct.new(
|
|
748
|
+
:immunity_time_property)
|
|
749
|
+
SENSITIVE = []
|
|
750
|
+
include Aws::Structure
|
|
751
|
+
end
|
|
752
|
+
|
|
753
|
+
# The result from the inspection of the web request for a valid
|
|
754
|
+
# `CAPTCHA` token.
|
|
755
|
+
#
|
|
756
|
+
# @!attribute [rw] response_code
|
|
757
|
+
# The HTTP response code indicating the status of the `CAPTCHA` token
|
|
758
|
+
# in the web request. If the token is missing, invalid, or expired,
|
|
759
|
+
# this code is `405 Method Not Allowed`.
|
|
760
|
+
# @return [Integer]
|
|
761
|
+
#
|
|
762
|
+
# @!attribute [rw] solve_timestamp
|
|
763
|
+
# The time that the `CAPTCHA` puzzle was solved for the supplied
|
|
764
|
+
# token.
|
|
765
|
+
# @return [Integer]
|
|
766
|
+
#
|
|
767
|
+
# @!attribute [rw] failure_reason
|
|
768
|
+
# The reason for failure, populated when the evaluation of the token
|
|
769
|
+
# fails.
|
|
770
|
+
# @return [String]
|
|
771
|
+
#
|
|
772
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaResponse AWS API Documentation
|
|
773
|
+
#
|
|
774
|
+
class CaptchaResponse < Struct.new(
|
|
775
|
+
:response_code,
|
|
776
|
+
:solve_timestamp,
|
|
777
|
+
:failure_reason)
|
|
778
|
+
SENSITIVE = []
|
|
779
|
+
include Aws::Structure
|
|
780
|
+
end
|
|
781
|
+
|
|
663
782
|
# @note When making an API call, you may pass CheckCapacityRequest
|
|
664
783
|
# data as a hash:
|
|
665
784
|
#
|
|
@@ -990,6 +1109,16 @@ module Aws::WAFV2
|
|
|
990
1109
|
# ],
|
|
991
1110
|
# },
|
|
992
1111
|
# },
|
|
1112
|
+
# captcha: {
|
|
1113
|
+
# custom_request_handling: {
|
|
1114
|
+
# insert_headers: [ # required
|
|
1115
|
+
# {
|
|
1116
|
+
# name: "CustomHTTPHeaderName", # required
|
|
1117
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
1118
|
+
# },
|
|
1119
|
+
# ],
|
|
1120
|
+
# },
|
|
1121
|
+
# },
|
|
993
1122
|
# },
|
|
994
1123
|
# override_action: {
|
|
995
1124
|
# count: {
|
|
@@ -1015,6 +1144,11 @@ module Aws::WAFV2
|
|
|
1015
1144
|
# cloud_watch_metrics_enabled: false, # required
|
|
1016
1145
|
# metric_name: "MetricName", # required
|
|
1017
1146
|
# },
|
|
1147
|
+
# captcha_config: {
|
|
1148
|
+
# immunity_time_property: {
|
|
1149
|
+
# immunity_time: 1, # required
|
|
1150
|
+
# },
|
|
1151
|
+
# },
|
|
1018
1152
|
# },
|
|
1019
1153
|
# ],
|
|
1020
1154
|
# }
|
|
@@ -1067,7 +1201,7 @@ module Aws::WAFV2
|
|
|
1067
1201
|
#
|
|
1068
1202
|
# {
|
|
1069
1203
|
# action_condition: {
|
|
1070
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
1204
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
1071
1205
|
# },
|
|
1072
1206
|
# label_name_condition: {
|
|
1073
1207
|
# label_name: "LabelName", # required
|
|
@@ -1656,6 +1790,16 @@ module Aws::WAFV2
|
|
|
1656
1790
|
# ],
|
|
1657
1791
|
# },
|
|
1658
1792
|
# },
|
|
1793
|
+
# captcha: {
|
|
1794
|
+
# custom_request_handling: {
|
|
1795
|
+
# insert_headers: [ # required
|
|
1796
|
+
# {
|
|
1797
|
+
# name: "CustomHTTPHeaderName", # required
|
|
1798
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
1799
|
+
# },
|
|
1800
|
+
# ],
|
|
1801
|
+
# },
|
|
1802
|
+
# },
|
|
1659
1803
|
# },
|
|
1660
1804
|
# override_action: {
|
|
1661
1805
|
# count: {
|
|
@@ -1681,6 +1825,11 @@ module Aws::WAFV2
|
|
|
1681
1825
|
# cloud_watch_metrics_enabled: false, # required
|
|
1682
1826
|
# metric_name: "MetricName", # required
|
|
1683
1827
|
# },
|
|
1828
|
+
# captcha_config: {
|
|
1829
|
+
# immunity_time_property: {
|
|
1830
|
+
# immunity_time: 1, # required
|
|
1831
|
+
# },
|
|
1832
|
+
# },
|
|
1684
1833
|
# },
|
|
1685
1834
|
# ],
|
|
1686
1835
|
# visibility_config: { # required
|
|
@@ -2168,6 +2317,16 @@ module Aws::WAFV2
|
|
|
2168
2317
|
# ],
|
|
2169
2318
|
# },
|
|
2170
2319
|
# },
|
|
2320
|
+
# captcha: {
|
|
2321
|
+
# custom_request_handling: {
|
|
2322
|
+
# insert_headers: [ # required
|
|
2323
|
+
# {
|
|
2324
|
+
# name: "CustomHTTPHeaderName", # required
|
|
2325
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
2326
|
+
# },
|
|
2327
|
+
# ],
|
|
2328
|
+
# },
|
|
2329
|
+
# },
|
|
2171
2330
|
# },
|
|
2172
2331
|
# override_action: {
|
|
2173
2332
|
# count: {
|
|
@@ -2193,6 +2352,11 @@ module Aws::WAFV2
|
|
|
2193
2352
|
# cloud_watch_metrics_enabled: false, # required
|
|
2194
2353
|
# metric_name: "MetricName", # required
|
|
2195
2354
|
# },
|
|
2355
|
+
# captcha_config: {
|
|
2356
|
+
# immunity_time_property: {
|
|
2357
|
+
# immunity_time: 1, # required
|
|
2358
|
+
# },
|
|
2359
|
+
# },
|
|
2196
2360
|
# },
|
|
2197
2361
|
# ],
|
|
2198
2362
|
# visibility_config: { # required
|
|
@@ -2212,6 +2376,11 @@ module Aws::WAFV2
|
|
|
2212
2376
|
# content: "ResponseContent", # required
|
|
2213
2377
|
# },
|
|
2214
2378
|
# },
|
|
2379
|
+
# captcha_config: {
|
|
2380
|
+
# immunity_time_property: {
|
|
2381
|
+
# immunity_time: 1, # required
|
|
2382
|
+
# },
|
|
2383
|
+
# },
|
|
2215
2384
|
# }
|
|
2216
2385
|
#
|
|
2217
2386
|
# @!attribute [rw] name
|
|
@@ -2280,6 +2449,12 @@ module Aws::WAFV2
|
|
|
2280
2449
|
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
|
2281
2450
|
# @return [Hash<String,Types::CustomResponseBody>]
|
|
2282
2451
|
#
|
|
2452
|
+
# @!attribute [rw] captcha_config
|
|
2453
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations for rules that
|
|
2454
|
+
# don't have their own `CaptchaConfig` settings. If you don't
|
|
2455
|
+
# specify this, WAF uses its default settings for `CaptchaConfig`.
|
|
2456
|
+
# @return [Types::CaptchaConfig]
|
|
2457
|
+
#
|
|
2283
2458
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
|
|
2284
2459
|
#
|
|
2285
2460
|
class CreateWebACLRequest < Struct.new(
|
|
@@ -2290,7 +2465,8 @@ module Aws::WAFV2
|
|
|
2290
2465
|
:rules,
|
|
2291
2466
|
:visibility_config,
|
|
2292
2467
|
:tags,
|
|
2293
|
-
:custom_response_bodies
|
|
2468
|
+
:custom_response_bodies,
|
|
2469
|
+
:captcha_config)
|
|
2294
2470
|
SENSITIVE = []
|
|
2295
2471
|
include Aws::Structure
|
|
2296
2472
|
end
|
|
@@ -3073,10 +3249,11 @@ module Aws::WAFV2
|
|
|
3073
3249
|
#
|
|
3074
3250
|
class DisassociateWebACLResponse < Aws::EmptyStructure; end
|
|
3075
3251
|
|
|
3076
|
-
# Specifies a single rule
|
|
3077
|
-
#
|
|
3078
|
-
#
|
|
3079
|
-
#
|
|
3252
|
+
# Specifies a single rule in a rule group whose action you want to
|
|
3253
|
+
# override to `Count`. When you exclude a rule, WAF evaluates it exactly
|
|
3254
|
+
# as it would if the rule action setting were `Count`. This is a useful
|
|
3255
|
+
# option for testing the rules in a rule group without modifying how
|
|
3256
|
+
# they handle your web traffic.
|
|
3080
3257
|
#
|
|
3081
3258
|
# @note When making an API call, you may pass ExcludedRule
|
|
3082
3259
|
# data as a hash:
|
|
@@ -3086,7 +3263,7 @@ module Aws::WAFV2
|
|
|
3086
3263
|
# }
|
|
3087
3264
|
#
|
|
3088
3265
|
# @!attribute [rw] name
|
|
3089
|
-
# The name of the rule to
|
|
3266
|
+
# The name of the rule whose action you want to override to `Count`.
|
|
3090
3267
|
# @return [String]
|
|
3091
3268
|
#
|
|
3092
3269
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ExcludedRule AWS API Documentation
|
|
@@ -3241,7 +3418,7 @@ module Aws::WAFV2
|
|
|
3241
3418
|
# conditions: [ # required
|
|
3242
3419
|
# {
|
|
3243
3420
|
# action_condition: {
|
|
3244
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
3421
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
3245
3422
|
# },
|
|
3246
3423
|
# label_name_condition: {
|
|
3247
3424
|
# label_name: "LabelName", # required
|
|
@@ -3297,22 +3474,21 @@ module Aws::WAFV2
|
|
|
3297
3474
|
# @return [Types::FirewallManagerStatement]
|
|
3298
3475
|
#
|
|
3299
3476
|
# @!attribute [rw] override_action
|
|
3300
|
-
# The
|
|
3301
|
-
#
|
|
3302
|
-
#
|
|
3303
|
-
#
|
|
3304
|
-
# Set the override action to none to leave the rule actions in effect.
|
|
3305
|
-
# Set it to count to only count matches, regardless of the rule action
|
|
3306
|
-
# settings.
|
|
3477
|
+
# The action to use in the place of the action that results from the
|
|
3478
|
+
# rule group evaluation. Set the override action to none to leave the
|
|
3479
|
+
# result of the rule group alone. Set it to count to override the
|
|
3480
|
+
# result to count only.
|
|
3307
3481
|
#
|
|
3308
|
-
#
|
|
3309
|
-
#
|
|
3482
|
+
# You can only use this for rule statements that reference a rule
|
|
3483
|
+
# group, like `RuleGroupReferenceStatement` and
|
|
3484
|
+
# `ManagedRuleGroupStatement`.
|
|
3310
3485
|
#
|
|
3311
|
-
#
|
|
3312
|
-
#
|
|
3486
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
3487
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
3488
|
+
# group to only count matches, do not use this and instead exclude
|
|
3489
|
+
# those rules in your rule group reference statement settings.
|
|
3313
3490
|
#
|
|
3314
|
-
#
|
|
3315
|
-
# rule action setting and not this rule override action setting.
|
|
3491
|
+
# </note>
|
|
3316
3492
|
# @return [Types::OverrideAction]
|
|
3317
3493
|
#
|
|
3318
3494
|
# @!attribute [rw] visibility_config
|
|
@@ -4443,6 +4619,29 @@ module Aws::WAFV2
|
|
|
4443
4619
|
include Aws::Structure
|
|
4444
4620
|
end
|
|
4445
4621
|
|
|
4622
|
+
# Determines how long a `CAPTCHA` token remains valid after the client
|
|
4623
|
+
# successfully solves a `CAPTCHA` puzzle.
|
|
4624
|
+
#
|
|
4625
|
+
# @note When making an API call, you may pass ImmunityTimeProperty
|
|
4626
|
+
# data as a hash:
|
|
4627
|
+
#
|
|
4628
|
+
# {
|
|
4629
|
+
# immunity_time: 1, # required
|
|
4630
|
+
# }
|
|
4631
|
+
#
|
|
4632
|
+
# @!attribute [rw] immunity_time
|
|
4633
|
+
# The amount of time, in seconds, that a `CAPTCHA` token is valid. The
|
|
4634
|
+
# default setting is 300.
|
|
4635
|
+
# @return [Integer]
|
|
4636
|
+
#
|
|
4637
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ImmunityTimeProperty AWS API Documentation
|
|
4638
|
+
#
|
|
4639
|
+
class ImmunityTimeProperty < Struct.new(
|
|
4640
|
+
:immunity_time)
|
|
4641
|
+
SENSITIVE = []
|
|
4642
|
+
include Aws::Structure
|
|
4643
|
+
end
|
|
4644
|
+
|
|
4446
4645
|
# The body of a web request, inspected as JSON. The body immediately
|
|
4447
4646
|
# follows the request headers. This is used in the FieldToMatch
|
|
4448
4647
|
# specification.
|
|
@@ -4923,7 +5122,7 @@ module Aws::WAFV2
|
|
|
4923
5122
|
# data as a hash:
|
|
4924
5123
|
#
|
|
4925
5124
|
# {
|
|
4926
|
-
# scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
|
|
5125
|
+
# scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
|
|
4927
5126
|
# next_marker: "NextMarker",
|
|
4928
5127
|
# limit: 1,
|
|
4929
5128
|
# }
|
|
@@ -5364,11 +5563,18 @@ module Aws::WAFV2
|
|
|
5364
5563
|
include Aws::Structure
|
|
5365
5564
|
end
|
|
5366
5565
|
|
|
5367
|
-
# Defines an association between
|
|
5368
|
-
#
|
|
5369
|
-
#
|
|
5370
|
-
#
|
|
5371
|
-
#
|
|
5566
|
+
# Defines an association between logging destinations and a web ACL
|
|
5567
|
+
# resource, for logging from WAF. As part of the association, you can
|
|
5568
|
+
# specify parts of the standard logging fields to keep out of the logs
|
|
5569
|
+
# and you can specify filters so that you log only a subset of the
|
|
5570
|
+
# logging records.
|
|
5571
|
+
#
|
|
5572
|
+
# For information about configuring web ACL logging destinations, see
|
|
5573
|
+
# [Logging web ACL traffic information][1] in the *WAF Developer Guide*.
|
|
5574
|
+
#
|
|
5575
|
+
#
|
|
5576
|
+
#
|
|
5577
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
|
|
5372
5578
|
#
|
|
5373
5579
|
# @note When making an API call, you may pass LoggingConfiguration
|
|
5374
5580
|
# data as a hash:
|
|
@@ -5414,7 +5620,7 @@ module Aws::WAFV2
|
|
|
5414
5620
|
# conditions: [ # required
|
|
5415
5621
|
# {
|
|
5416
5622
|
# action_condition: {
|
|
5417
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
5623
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
5418
5624
|
# },
|
|
5419
5625
|
# label_name_condition: {
|
|
5420
5626
|
# label_name: "LabelName", # required
|
|
@@ -5433,14 +5639,14 @@ module Aws::WAFV2
|
|
|
5433
5639
|
# @return [String]
|
|
5434
5640
|
#
|
|
5435
5641
|
# @!attribute [rw] log_destination_configs
|
|
5436
|
-
# The Amazon
|
|
5642
|
+
# The Amazon Resource Names (ARNs) of the logging destinations that
|
|
5437
5643
|
# you want to associate with the web ACL.
|
|
5438
5644
|
# @return [Array<String>]
|
|
5439
5645
|
#
|
|
5440
5646
|
# @!attribute [rw] redacted_fields
|
|
5441
5647
|
# The parts of the request that you want to keep out of the logs. For
|
|
5442
5648
|
# example, if you redact the `SingleHeader` field, the `HEADER` field
|
|
5443
|
-
# in the
|
|
5649
|
+
# in the logs will be `xxx`.
|
|
5444
5650
|
#
|
|
5445
5651
|
# <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
|
|
5446
5652
|
# `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
|
|
@@ -5490,7 +5696,7 @@ module Aws::WAFV2
|
|
|
5490
5696
|
# conditions: [ # required
|
|
5491
5697
|
# {
|
|
5492
5698
|
# action_condition: {
|
|
5493
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
5699
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
5494
5700
|
# },
|
|
5495
5701
|
# label_name_condition: {
|
|
5496
5702
|
# label_name: "LabelName", # required
|
|
@@ -5850,9 +6056,11 @@ module Aws::WAFV2
|
|
|
5850
6056
|
# @return [String]
|
|
5851
6057
|
#
|
|
5852
6058
|
# @!attribute [rw] excluded_rules
|
|
5853
|
-
# The rules whose actions are set to
|
|
5854
|
-
#
|
|
5855
|
-
#
|
|
6059
|
+
# The rules in the referenced rule group whose actions are set to
|
|
6060
|
+
# `Count`. When you exclude a rule, WAF evaluates it exactly as it
|
|
6061
|
+
# would if the rule action setting were `Count`. This is a useful
|
|
6062
|
+
# option for testing the rules in a rule group without modifying how
|
|
6063
|
+
# they handle your web traffic.
|
|
5856
6064
|
# @return [Array<Types::ExcludedRule>]
|
|
5857
6065
|
#
|
|
5858
6066
|
# @!attribute [rw] scope_down_statement
|
|
@@ -6174,9 +6382,9 @@ module Aws::WAFV2
|
|
|
6174
6382
|
#
|
|
6175
6383
|
class Method < Aws::EmptyStructure; end
|
|
6176
6384
|
|
|
6177
|
-
# Specifies that WAF should do nothing. This is
|
|
6178
|
-
#
|
|
6179
|
-
#
|
|
6385
|
+
# Specifies that WAF should do nothing. This is used for the
|
|
6386
|
+
# `OverrideAction` setting on a Rule when the rule uses a rule group
|
|
6387
|
+
# reference statement.
|
|
6180
6388
|
#
|
|
6181
6389
|
# This is used in the context of other settings, for example to specify
|
|
6182
6390
|
# values for RuleAction and web ACL DefaultAction.
|
|
@@ -6807,22 +7015,20 @@ module Aws::WAFV2
|
|
|
6807
7015
|
include Aws::Structure
|
|
6808
7016
|
end
|
|
6809
7017
|
|
|
6810
|
-
# The
|
|
6811
|
-
#
|
|
6812
|
-
#
|
|
6813
|
-
#
|
|
6814
|
-
# Set the override action to none to leave the rule actions in effect.
|
|
6815
|
-
# Set it to count to only count matches, regardless of the rule action
|
|
6816
|
-
# settings.
|
|
7018
|
+
# The action to use in the place of the action that results from the
|
|
7019
|
+
# rule group evaluation. Set the override action to none to leave the
|
|
7020
|
+
# result of the rule group alone. Set it to count to override the result
|
|
7021
|
+
# to count only.
|
|
6817
7022
|
#
|
|
6818
|
-
#
|
|
6819
|
-
#
|
|
7023
|
+
# You can only use this for rule statements that reference a rule group,
|
|
7024
|
+
# like `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
|
6820
7025
|
#
|
|
6821
|
-
#
|
|
6822
|
-
#
|
|
7026
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
7027
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
7028
|
+
# group to only count matches, do not use this and instead exclude those
|
|
7029
|
+
# rules in your rule group reference statement settings.
|
|
6823
7030
|
#
|
|
6824
|
-
#
|
|
6825
|
-
# action setting and not this rule override action setting.
|
|
7031
|
+
# </note>
|
|
6826
7032
|
#
|
|
6827
7033
|
# @note When making an API call, you may pass OverrideAction
|
|
6828
7034
|
# data as a hash:
|
|
@@ -6843,11 +7049,19 @@ module Aws::WAFV2
|
|
|
6843
7049
|
# }
|
|
6844
7050
|
#
|
|
6845
7051
|
# @!attribute [rw] count
|
|
6846
|
-
# Override the rule
|
|
7052
|
+
# Override the rule group evaluation result to count only.
|
|
7053
|
+
#
|
|
7054
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
7055
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
7056
|
+
# group to only count matches, do not use this and instead exclude
|
|
7057
|
+
# those rules in your rule group reference statement settings.
|
|
7058
|
+
#
|
|
7059
|
+
# </note>
|
|
6847
7060
|
# @return [Types::CountAction]
|
|
6848
7061
|
#
|
|
6849
7062
|
# @!attribute [rw] none
|
|
6850
|
-
# Don't override the rule
|
|
7063
|
+
# Don't override the rule group evaluation result. This is the most
|
|
7064
|
+
# common setting.
|
|
6851
7065
|
# @return [Types::NoneAction]
|
|
6852
7066
|
#
|
|
6853
7067
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/OverrideAction AWS API Documentation
|
|
@@ -6904,7 +7118,7 @@ module Aws::WAFV2
|
|
|
6904
7118
|
# conditions: [ # required
|
|
6905
7119
|
# {
|
|
6906
7120
|
# action_condition: {
|
|
6907
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
7121
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
6908
7122
|
# },
|
|
6909
7123
|
# label_name_condition: {
|
|
6910
7124
|
# label_name: "LabelName", # required
|
|
@@ -8116,6 +8330,16 @@ module Aws::WAFV2
|
|
|
8116
8330
|
# ],
|
|
8117
8331
|
# },
|
|
8118
8332
|
# },
|
|
8333
|
+
# captcha: {
|
|
8334
|
+
# custom_request_handling: {
|
|
8335
|
+
# insert_headers: [ # required
|
|
8336
|
+
# {
|
|
8337
|
+
# name: "CustomHTTPHeaderName", # required
|
|
8338
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
8339
|
+
# },
|
|
8340
|
+
# ],
|
|
8341
|
+
# },
|
|
8342
|
+
# },
|
|
8119
8343
|
# },
|
|
8120
8344
|
# override_action: {
|
|
8121
8345
|
# count: {
|
|
@@ -8141,6 +8365,11 @@ module Aws::WAFV2
|
|
|
8141
8365
|
# cloud_watch_metrics_enabled: false, # required
|
|
8142
8366
|
# metric_name: "MetricName", # required
|
|
8143
8367
|
# },
|
|
8368
|
+
# captcha_config: {
|
|
8369
|
+
# immunity_time_property: {
|
|
8370
|
+
# immunity_time: 1, # required
|
|
8371
|
+
# },
|
|
8372
|
+
# },
|
|
8144
8373
|
# }
|
|
8145
8374
|
#
|
|
8146
8375
|
# @!attribute [rw] name
|
|
@@ -8181,22 +8410,21 @@ module Aws::WAFV2
|
|
|
8181
8410
|
# @return [Types::RuleAction]
|
|
8182
8411
|
#
|
|
8183
8412
|
# @!attribute [rw] override_action
|
|
8184
|
-
# The
|
|
8185
|
-
#
|
|
8186
|
-
#
|
|
8187
|
-
#
|
|
8188
|
-
# Set the override action to none to leave the rule actions in effect.
|
|
8189
|
-
# Set it to count to only count matches, regardless of the rule action
|
|
8190
|
-
# settings.
|
|
8413
|
+
# The action to use in the place of the action that results from the
|
|
8414
|
+
# rule group evaluation. Set the override action to none to leave the
|
|
8415
|
+
# result of the rule group alone. Set it to count to override the
|
|
8416
|
+
# result to count only.
|
|
8191
8417
|
#
|
|
8192
|
-
#
|
|
8193
|
-
#
|
|
8418
|
+
# You can only use this for rule statements that reference a rule
|
|
8419
|
+
# group, like `RuleGroupReferenceStatement` and
|
|
8420
|
+
# `ManagedRuleGroupStatement`.
|
|
8194
8421
|
#
|
|
8195
|
-
#
|
|
8196
|
-
#
|
|
8422
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
8423
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
8424
|
+
# group to only count matches, do not use this and instead exclude
|
|
8425
|
+
# those rules in your rule group reference statement settings.
|
|
8197
8426
|
#
|
|
8198
|
-
#
|
|
8199
|
-
# rule action setting and not this rule override action setting.
|
|
8427
|
+
# </note>
|
|
8200
8428
|
# @return [Types::OverrideAction]
|
|
8201
8429
|
#
|
|
8202
8430
|
# @!attribute [rw] rule_labels
|
|
@@ -8230,6 +8458,12 @@ module Aws::WAFV2
|
|
|
8230
8458
|
# collection.
|
|
8231
8459
|
# @return [Types::VisibilityConfig]
|
|
8232
8460
|
#
|
|
8461
|
+
# @!attribute [rw] captcha_config
|
|
8462
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations. If you don't
|
|
8463
|
+
# specify this, WAF uses the `CAPTCHA` configuration that's defined
|
|
8464
|
+
# for the web ACL.
|
|
8465
|
+
# @return [Types::CaptchaConfig]
|
|
8466
|
+
#
|
|
8233
8467
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation
|
|
8234
8468
|
#
|
|
8235
8469
|
class Rule < Struct.new(
|
|
@@ -8239,7 +8473,8 @@ module Aws::WAFV2
|
|
|
8239
8473
|
:action,
|
|
8240
8474
|
:override_action,
|
|
8241
8475
|
:rule_labels,
|
|
8242
|
-
:visibility_config
|
|
8476
|
+
:visibility_config,
|
|
8477
|
+
:captcha_config)
|
|
8243
8478
|
SENSITIVE = []
|
|
8244
8479
|
include Aws::Structure
|
|
8245
8480
|
end
|
|
@@ -8284,6 +8519,16 @@ module Aws::WAFV2
|
|
|
8284
8519
|
# ],
|
|
8285
8520
|
# },
|
|
8286
8521
|
# },
|
|
8522
|
+
# captcha: {
|
|
8523
|
+
# custom_request_handling: {
|
|
8524
|
+
# insert_headers: [ # required
|
|
8525
|
+
# {
|
|
8526
|
+
# name: "CustomHTTPHeaderName", # required
|
|
8527
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
8528
|
+
# },
|
|
8529
|
+
# ],
|
|
8530
|
+
# },
|
|
8531
|
+
# },
|
|
8287
8532
|
# }
|
|
8288
8533
|
#
|
|
8289
8534
|
# @!attribute [rw] block
|
|
@@ -8298,12 +8543,17 @@ module Aws::WAFV2
|
|
|
8298
8543
|
# Instructs WAF to count the web request and allow it.
|
|
8299
8544
|
# @return [Types::CountAction]
|
|
8300
8545
|
#
|
|
8546
|
+
# @!attribute [rw] captcha
|
|
8547
|
+
# Instructs WAF to run a `CAPTCHA` check against the web request.
|
|
8548
|
+
# @return [Types::CaptchaAction]
|
|
8549
|
+
#
|
|
8301
8550
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
|
|
8302
8551
|
#
|
|
8303
8552
|
class RuleAction < Struct.new(
|
|
8304
8553
|
:block,
|
|
8305
8554
|
:allow,
|
|
8306
|
-
:count
|
|
8555
|
+
:count,
|
|
8556
|
+
:captcha)
|
|
8307
8557
|
SENSITIVE = []
|
|
8308
8558
|
include Aws::Structure
|
|
8309
8559
|
end
|
|
@@ -8457,8 +8707,11 @@ module Aws::WAFV2
|
|
|
8457
8707
|
# @return [String]
|
|
8458
8708
|
#
|
|
8459
8709
|
# @!attribute [rw] excluded_rules
|
|
8460
|
-
# The
|
|
8461
|
-
# you
|
|
8710
|
+
# The rules in the referenced rule group whose actions are set to
|
|
8711
|
+
# `Count`. When you exclude a rule, WAF evaluates it exactly as it
|
|
8712
|
+
# would if the rule action setting were `Count`. This is a useful
|
|
8713
|
+
# option for testing the rules in a rule group without modifying how
|
|
8714
|
+
# they handle your web traffic.
|
|
8462
8715
|
# @return [Array<Types::ExcludedRule>]
|
|
8463
8716
|
#
|
|
8464
8717
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
|
|
@@ -8567,8 +8820,8 @@ module Aws::WAFV2
|
|
|
8567
8820
|
# @return [Time]
|
|
8568
8821
|
#
|
|
8569
8822
|
# @!attribute [rw] action
|
|
8570
|
-
# The action for the `Rule` that the request matched: `
|
|
8571
|
-
# `
|
|
8823
|
+
# The action for the `Rule` that the request matched: `Allow`,
|
|
8824
|
+
# `Block`, or `Count`.
|
|
8572
8825
|
# @return [String]
|
|
8573
8826
|
#
|
|
8574
8827
|
# @!attribute [rw] rule_name_within_rule_group
|
|
@@ -8599,6 +8852,10 @@ module Aws::WAFV2
|
|
|
8599
8852
|
# or `awswaf:managed:aws:managed-rule-set:header:encoding:utf8`.
|
|
8600
8853
|
# @return [Array<Types::Label>]
|
|
8601
8854
|
#
|
|
8855
|
+
# @!attribute [rw] captcha_response
|
|
8856
|
+
# The `CAPTCHA` response for the request.
|
|
8857
|
+
# @return [Types::CaptchaResponse]
|
|
8858
|
+
#
|
|
8602
8859
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
|
|
8603
8860
|
#
|
|
8604
8861
|
class SampledHTTPRequest < Struct.new(
|
|
@@ -8609,7 +8866,8 @@ module Aws::WAFV2
|
|
|
8609
8866
|
:rule_name_within_rule_group,
|
|
8610
8867
|
:request_headers_inserted,
|
|
8611
8868
|
:response_code_sent,
|
|
8612
|
-
:labels
|
|
8869
|
+
:labels,
|
|
8870
|
+
:captcha_response)
|
|
8613
8871
|
SENSITIVE = []
|
|
8614
8872
|
include Aws::Structure
|
|
8615
8873
|
end
|
|
@@ -11711,6 +11969,16 @@ module Aws::WAFV2
|
|
|
11711
11969
|
# ],
|
|
11712
11970
|
# },
|
|
11713
11971
|
# },
|
|
11972
|
+
# captcha: {
|
|
11973
|
+
# custom_request_handling: {
|
|
11974
|
+
# insert_headers: [ # required
|
|
11975
|
+
# {
|
|
11976
|
+
# name: "CustomHTTPHeaderName", # required
|
|
11977
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
11978
|
+
# },
|
|
11979
|
+
# ],
|
|
11980
|
+
# },
|
|
11981
|
+
# },
|
|
11714
11982
|
# },
|
|
11715
11983
|
# override_action: {
|
|
11716
11984
|
# count: {
|
|
@@ -11736,6 +12004,11 @@ module Aws::WAFV2
|
|
|
11736
12004
|
# cloud_watch_metrics_enabled: false, # required
|
|
11737
12005
|
# metric_name: "MetricName", # required
|
|
11738
12006
|
# },
|
|
12007
|
+
# captcha_config: {
|
|
12008
|
+
# immunity_time_property: {
|
|
12009
|
+
# immunity_time: 1, # required
|
|
12010
|
+
# },
|
|
12011
|
+
# },
|
|
11739
12012
|
# },
|
|
11740
12013
|
# ],
|
|
11741
12014
|
# visibility_config: { # required
|
|
@@ -12213,6 +12486,16 @@ module Aws::WAFV2
|
|
|
12213
12486
|
# ],
|
|
12214
12487
|
# },
|
|
12215
12488
|
# },
|
|
12489
|
+
# captcha: {
|
|
12490
|
+
# custom_request_handling: {
|
|
12491
|
+
# insert_headers: [ # required
|
|
12492
|
+
# {
|
|
12493
|
+
# name: "CustomHTTPHeaderName", # required
|
|
12494
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
12495
|
+
# },
|
|
12496
|
+
# ],
|
|
12497
|
+
# },
|
|
12498
|
+
# },
|
|
12216
12499
|
# },
|
|
12217
12500
|
# override_action: {
|
|
12218
12501
|
# count: {
|
|
@@ -12238,6 +12521,11 @@ module Aws::WAFV2
|
|
|
12238
12521
|
# cloud_watch_metrics_enabled: false, # required
|
|
12239
12522
|
# metric_name: "MetricName", # required
|
|
12240
12523
|
# },
|
|
12524
|
+
# captcha_config: {
|
|
12525
|
+
# immunity_time_property: {
|
|
12526
|
+
# immunity_time: 1, # required
|
|
12527
|
+
# },
|
|
12528
|
+
# },
|
|
12241
12529
|
# },
|
|
12242
12530
|
# ],
|
|
12243
12531
|
# visibility_config: { # required
|
|
@@ -12252,6 +12540,11 @@ module Aws::WAFV2
|
|
|
12252
12540
|
# content: "ResponseContent", # required
|
|
12253
12541
|
# },
|
|
12254
12542
|
# },
|
|
12543
|
+
# captcha_config: {
|
|
12544
|
+
# immunity_time_property: {
|
|
12545
|
+
# immunity_time: 1, # required
|
|
12546
|
+
# },
|
|
12547
|
+
# },
|
|
12255
12548
|
# }
|
|
12256
12549
|
#
|
|
12257
12550
|
# @!attribute [rw] name
|
|
@@ -12334,6 +12627,12 @@ module Aws::WAFV2
|
|
|
12334
12627
|
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
|
12335
12628
|
# @return [Hash<String,Types::CustomResponseBody>]
|
|
12336
12629
|
#
|
|
12630
|
+
# @!attribute [rw] captcha_config
|
|
12631
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations for rules that
|
|
12632
|
+
# don't have their own `CaptchaConfig` settings. If you don't
|
|
12633
|
+
# specify this, WAF uses its default settings for `CaptchaConfig`.
|
|
12634
|
+
# @return [Types::CaptchaConfig]
|
|
12635
|
+
#
|
|
12337
12636
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
|
|
12338
12637
|
#
|
|
12339
12638
|
class UpdateWebACLRequest < Struct.new(
|
|
@@ -12345,7 +12644,8 @@ module Aws::WAFV2
|
|
|
12345
12644
|
:rules,
|
|
12346
12645
|
:visibility_config,
|
|
12347
12646
|
:lock_token,
|
|
12348
|
-
:custom_response_bodies
|
|
12647
|
+
:custom_response_bodies,
|
|
12648
|
+
:captcha_config)
|
|
12349
12649
|
SENSITIVE = []
|
|
12350
12650
|
include Aws::Structure
|
|
12351
12651
|
end
|
|
@@ -12647,6 +12947,25 @@ module Aws::WAFV2
|
|
|
12647
12947
|
include Aws::Structure
|
|
12648
12948
|
end
|
|
12649
12949
|
|
|
12950
|
+
# The operation failed because you don't have the permissions that your
|
|
12951
|
+
# logging configuration requires. For information, see [Logging web ACL
|
|
12952
|
+
# traffic information][1] in the *WAF Developer Guide*.
|
|
12953
|
+
#
|
|
12954
|
+
#
|
|
12955
|
+
#
|
|
12956
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
|
|
12957
|
+
#
|
|
12958
|
+
# @!attribute [rw] message
|
|
12959
|
+
# @return [String]
|
|
12960
|
+
#
|
|
12961
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFLogDestinationPermissionIssueException AWS API Documentation
|
|
12962
|
+
#
|
|
12963
|
+
class WAFLogDestinationPermissionIssueException < Struct.new(
|
|
12964
|
+
:message)
|
|
12965
|
+
SENSITIVE = []
|
|
12966
|
+
include Aws::Structure
|
|
12967
|
+
end
|
|
12968
|
+
|
|
12650
12969
|
# WAF couldn’t perform the operation because your resource doesn’t
|
|
12651
12970
|
# exist.
|
|
12652
12971
|
#
|
|
@@ -12885,6 +13204,12 @@ module Aws::WAFV2
|
|
|
12885
13204
|
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
|
12886
13205
|
# @return [Hash<String,Types::CustomResponseBody>]
|
|
12887
13206
|
#
|
|
13207
|
+
# @!attribute [rw] captcha_config
|
|
13208
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations for rules that
|
|
13209
|
+
# don't have their own `CaptchaConfig` settings. If you don't
|
|
13210
|
+
# specify this, WAF uses its default settings for `CaptchaConfig`.
|
|
13211
|
+
# @return [Types::CaptchaConfig]
|
|
13212
|
+
#
|
|
12888
13213
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
|
|
12889
13214
|
#
|
|
12890
13215
|
class WebACL < Struct.new(
|
|
@@ -12900,7 +13225,8 @@ module Aws::WAFV2
|
|
|
12900
13225
|
:post_process_firewall_manager_rule_groups,
|
|
12901
13226
|
:managed_by_firewall_manager,
|
|
12902
13227
|
:label_namespace,
|
|
12903
|
-
:custom_response_bodies
|
|
13228
|
+
:custom_response_bodies,
|
|
13229
|
+
:captcha_config)
|
|
12904
13230
|
SENSITIVE = []
|
|
12905
13231
|
include Aws::Structure
|
|
12906
13232
|
end
|