aws-sdk-wafv2 1.29.0 → 1.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +147 -27
- data/lib/aws-sdk-wafv2/client_api.rb +34 -1
- data/lib/aws-sdk-wafv2/errors.rb +16 -0
- data/lib/aws-sdk-wafv2/types.rb +402 -76
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +4 -4
data/lib/aws-sdk-wafv2/types.rb
CHANGED
|
@@ -16,7 +16,7 @@ module Aws::WAFV2
|
|
|
16
16
|
# data as a hash:
|
|
17
17
|
#
|
|
18
18
|
# {
|
|
19
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
19
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
20
20
|
# }
|
|
21
21
|
#
|
|
22
22
|
# @!attribute [rw] action
|
|
@@ -660,6 +660,125 @@ module Aws::WAFV2
|
|
|
660
660
|
include Aws::Structure
|
|
661
661
|
end
|
|
662
662
|
|
|
663
|
+
# Specifies that WAF should run a `CAPTCHA` check against the request:
|
|
664
|
+
#
|
|
665
|
+
# * If the request includes a valid, unexpired `CAPTCHA` token, WAF
|
|
666
|
+
# allows the web request inspection to proceed to the next rule,
|
|
667
|
+
# similar to a `CountAction`.
|
|
668
|
+
#
|
|
669
|
+
# * If the request doesn't include a valid, unexpired `CAPTCHA` token,
|
|
670
|
+
# WAF discontinues the web ACL evaluation of the request and blocks it
|
|
671
|
+
# from going to its intended destination.
|
|
672
|
+
#
|
|
673
|
+
# WAF generates a response that it sends back to the client, which
|
|
674
|
+
# includes the following:
|
|
675
|
+
#
|
|
676
|
+
# * The header `x-amzn-waf-action` with a value of `captcha`.
|
|
677
|
+
#
|
|
678
|
+
# * The HTTP status code `405 Method Not Allowed`.
|
|
679
|
+
#
|
|
680
|
+
# * If the request contains an `Accept` header with a value of
|
|
681
|
+
# `text/html`, the response includes a `CAPTCHA` challenge.
|
|
682
|
+
#
|
|
683
|
+
# You can configure the expiration time in the `CaptchaConfig`
|
|
684
|
+
# `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
|
|
685
|
+
# setting overrides the web ACL setting.
|
|
686
|
+
#
|
|
687
|
+
# This action option is available for rules. It isn't available for web
|
|
688
|
+
# ACL default actions.
|
|
689
|
+
#
|
|
690
|
+
# This is used in the context of other settings, for example to specify
|
|
691
|
+
# values for RuleAction and web ACL DefaultAction.
|
|
692
|
+
#
|
|
693
|
+
# @note When making an API call, you may pass CaptchaAction
|
|
694
|
+
# data as a hash:
|
|
695
|
+
#
|
|
696
|
+
# {
|
|
697
|
+
# custom_request_handling: {
|
|
698
|
+
# insert_headers: [ # required
|
|
699
|
+
# {
|
|
700
|
+
# name: "CustomHTTPHeaderName", # required
|
|
701
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
702
|
+
# },
|
|
703
|
+
# ],
|
|
704
|
+
# },
|
|
705
|
+
# }
|
|
706
|
+
#
|
|
707
|
+
# @!attribute [rw] custom_request_handling
|
|
708
|
+
# Defines custom handling for the web request.
|
|
709
|
+
#
|
|
710
|
+
# For information about customizing web requests and responses, see
|
|
711
|
+
# [Customizing web requests and responses in WAF][1] in the [WAF
|
|
712
|
+
# Developer Guide][2].
|
|
713
|
+
#
|
|
714
|
+
#
|
|
715
|
+
#
|
|
716
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
|
717
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
|
718
|
+
# @return [Types::CustomRequestHandling]
|
|
719
|
+
#
|
|
720
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
|
|
721
|
+
#
|
|
722
|
+
class CaptchaAction < Struct.new(
|
|
723
|
+
:custom_request_handling)
|
|
724
|
+
SENSITIVE = []
|
|
725
|
+
include Aws::Structure
|
|
726
|
+
end
|
|
727
|
+
|
|
728
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations. This is
|
|
729
|
+
# available at the web ACL level and in each rule.
|
|
730
|
+
#
|
|
731
|
+
# @note When making an API call, you may pass CaptchaConfig
|
|
732
|
+
# data as a hash:
|
|
733
|
+
#
|
|
734
|
+
# {
|
|
735
|
+
# immunity_time_property: {
|
|
736
|
+
# immunity_time: 1, # required
|
|
737
|
+
# },
|
|
738
|
+
# }
|
|
739
|
+
#
|
|
740
|
+
# @!attribute [rw] immunity_time_property
|
|
741
|
+
# Determines how long a `CAPTCHA` token remains valid after the client
|
|
742
|
+
# successfully solves a `CAPTCHA` puzzle.
|
|
743
|
+
# @return [Types::ImmunityTimeProperty]
|
|
744
|
+
#
|
|
745
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation
|
|
746
|
+
#
|
|
747
|
+
class CaptchaConfig < Struct.new(
|
|
748
|
+
:immunity_time_property)
|
|
749
|
+
SENSITIVE = []
|
|
750
|
+
include Aws::Structure
|
|
751
|
+
end
|
|
752
|
+
|
|
753
|
+
# The result from the inspection of the web request for a valid
|
|
754
|
+
# `CAPTCHA` token.
|
|
755
|
+
#
|
|
756
|
+
# @!attribute [rw] response_code
|
|
757
|
+
# The HTTP response code indicating the status of the `CAPTCHA` token
|
|
758
|
+
# in the web request. If the token is missing, invalid, or expired,
|
|
759
|
+
# this code is `405 Method Not Allowed`.
|
|
760
|
+
# @return [Integer]
|
|
761
|
+
#
|
|
762
|
+
# @!attribute [rw] solve_timestamp
|
|
763
|
+
# The time that the `CAPTCHA` puzzle was solved for the supplied
|
|
764
|
+
# token.
|
|
765
|
+
# @return [Integer]
|
|
766
|
+
#
|
|
767
|
+
# @!attribute [rw] failure_reason
|
|
768
|
+
# The reason for failure, populated when the evaluation of the token
|
|
769
|
+
# fails.
|
|
770
|
+
# @return [String]
|
|
771
|
+
#
|
|
772
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaResponse AWS API Documentation
|
|
773
|
+
#
|
|
774
|
+
class CaptchaResponse < Struct.new(
|
|
775
|
+
:response_code,
|
|
776
|
+
:solve_timestamp,
|
|
777
|
+
:failure_reason)
|
|
778
|
+
SENSITIVE = []
|
|
779
|
+
include Aws::Structure
|
|
780
|
+
end
|
|
781
|
+
|
|
663
782
|
# @note When making an API call, you may pass CheckCapacityRequest
|
|
664
783
|
# data as a hash:
|
|
665
784
|
#
|
|
@@ -990,6 +1109,16 @@ module Aws::WAFV2
|
|
|
990
1109
|
# ],
|
|
991
1110
|
# },
|
|
992
1111
|
# },
|
|
1112
|
+
# captcha: {
|
|
1113
|
+
# custom_request_handling: {
|
|
1114
|
+
# insert_headers: [ # required
|
|
1115
|
+
# {
|
|
1116
|
+
# name: "CustomHTTPHeaderName", # required
|
|
1117
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
1118
|
+
# },
|
|
1119
|
+
# ],
|
|
1120
|
+
# },
|
|
1121
|
+
# },
|
|
993
1122
|
# },
|
|
994
1123
|
# override_action: {
|
|
995
1124
|
# count: {
|
|
@@ -1015,6 +1144,11 @@ module Aws::WAFV2
|
|
|
1015
1144
|
# cloud_watch_metrics_enabled: false, # required
|
|
1016
1145
|
# metric_name: "MetricName", # required
|
|
1017
1146
|
# },
|
|
1147
|
+
# captcha_config: {
|
|
1148
|
+
# immunity_time_property: {
|
|
1149
|
+
# immunity_time: 1, # required
|
|
1150
|
+
# },
|
|
1151
|
+
# },
|
|
1018
1152
|
# },
|
|
1019
1153
|
# ],
|
|
1020
1154
|
# }
|
|
@@ -1067,7 +1201,7 @@ module Aws::WAFV2
|
|
|
1067
1201
|
#
|
|
1068
1202
|
# {
|
|
1069
1203
|
# action_condition: {
|
|
1070
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
1204
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
1071
1205
|
# },
|
|
1072
1206
|
# label_name_condition: {
|
|
1073
1207
|
# label_name: "LabelName", # required
|
|
@@ -1656,6 +1790,16 @@ module Aws::WAFV2
|
|
|
1656
1790
|
# ],
|
|
1657
1791
|
# },
|
|
1658
1792
|
# },
|
|
1793
|
+
# captcha: {
|
|
1794
|
+
# custom_request_handling: {
|
|
1795
|
+
# insert_headers: [ # required
|
|
1796
|
+
# {
|
|
1797
|
+
# name: "CustomHTTPHeaderName", # required
|
|
1798
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
1799
|
+
# },
|
|
1800
|
+
# ],
|
|
1801
|
+
# },
|
|
1802
|
+
# },
|
|
1659
1803
|
# },
|
|
1660
1804
|
# override_action: {
|
|
1661
1805
|
# count: {
|
|
@@ -1681,6 +1825,11 @@ module Aws::WAFV2
|
|
|
1681
1825
|
# cloud_watch_metrics_enabled: false, # required
|
|
1682
1826
|
# metric_name: "MetricName", # required
|
|
1683
1827
|
# },
|
|
1828
|
+
# captcha_config: {
|
|
1829
|
+
# immunity_time_property: {
|
|
1830
|
+
# immunity_time: 1, # required
|
|
1831
|
+
# },
|
|
1832
|
+
# },
|
|
1684
1833
|
# },
|
|
1685
1834
|
# ],
|
|
1686
1835
|
# visibility_config: { # required
|
|
@@ -2168,6 +2317,16 @@ module Aws::WAFV2
|
|
|
2168
2317
|
# ],
|
|
2169
2318
|
# },
|
|
2170
2319
|
# },
|
|
2320
|
+
# captcha: {
|
|
2321
|
+
# custom_request_handling: {
|
|
2322
|
+
# insert_headers: [ # required
|
|
2323
|
+
# {
|
|
2324
|
+
# name: "CustomHTTPHeaderName", # required
|
|
2325
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
2326
|
+
# },
|
|
2327
|
+
# ],
|
|
2328
|
+
# },
|
|
2329
|
+
# },
|
|
2171
2330
|
# },
|
|
2172
2331
|
# override_action: {
|
|
2173
2332
|
# count: {
|
|
@@ -2193,6 +2352,11 @@ module Aws::WAFV2
|
|
|
2193
2352
|
# cloud_watch_metrics_enabled: false, # required
|
|
2194
2353
|
# metric_name: "MetricName", # required
|
|
2195
2354
|
# },
|
|
2355
|
+
# captcha_config: {
|
|
2356
|
+
# immunity_time_property: {
|
|
2357
|
+
# immunity_time: 1, # required
|
|
2358
|
+
# },
|
|
2359
|
+
# },
|
|
2196
2360
|
# },
|
|
2197
2361
|
# ],
|
|
2198
2362
|
# visibility_config: { # required
|
|
@@ -2212,6 +2376,11 @@ module Aws::WAFV2
|
|
|
2212
2376
|
# content: "ResponseContent", # required
|
|
2213
2377
|
# },
|
|
2214
2378
|
# },
|
|
2379
|
+
# captcha_config: {
|
|
2380
|
+
# immunity_time_property: {
|
|
2381
|
+
# immunity_time: 1, # required
|
|
2382
|
+
# },
|
|
2383
|
+
# },
|
|
2215
2384
|
# }
|
|
2216
2385
|
#
|
|
2217
2386
|
# @!attribute [rw] name
|
|
@@ -2280,6 +2449,12 @@ module Aws::WAFV2
|
|
|
2280
2449
|
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
|
2281
2450
|
# @return [Hash<String,Types::CustomResponseBody>]
|
|
2282
2451
|
#
|
|
2452
|
+
# @!attribute [rw] captcha_config
|
|
2453
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations for rules that
|
|
2454
|
+
# don't have their own `CaptchaConfig` settings. If you don't
|
|
2455
|
+
# specify this, WAF uses its default settings for `CaptchaConfig`.
|
|
2456
|
+
# @return [Types::CaptchaConfig]
|
|
2457
|
+
#
|
|
2283
2458
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
|
|
2284
2459
|
#
|
|
2285
2460
|
class CreateWebACLRequest < Struct.new(
|
|
@@ -2290,7 +2465,8 @@ module Aws::WAFV2
|
|
|
2290
2465
|
:rules,
|
|
2291
2466
|
:visibility_config,
|
|
2292
2467
|
:tags,
|
|
2293
|
-
:custom_response_bodies
|
|
2468
|
+
:custom_response_bodies,
|
|
2469
|
+
:captcha_config)
|
|
2294
2470
|
SENSITIVE = []
|
|
2295
2471
|
include Aws::Structure
|
|
2296
2472
|
end
|
|
@@ -3073,10 +3249,11 @@ module Aws::WAFV2
|
|
|
3073
3249
|
#
|
|
3074
3250
|
class DisassociateWebACLResponse < Aws::EmptyStructure; end
|
|
3075
3251
|
|
|
3076
|
-
# Specifies a single rule
|
|
3077
|
-
#
|
|
3078
|
-
#
|
|
3079
|
-
#
|
|
3252
|
+
# Specifies a single rule in a rule group whose action you want to
|
|
3253
|
+
# override to `Count`. When you exclude a rule, WAF evaluates it exactly
|
|
3254
|
+
# as it would if the rule action setting were `Count`. This is a useful
|
|
3255
|
+
# option for testing the rules in a rule group without modifying how
|
|
3256
|
+
# they handle your web traffic.
|
|
3080
3257
|
#
|
|
3081
3258
|
# @note When making an API call, you may pass ExcludedRule
|
|
3082
3259
|
# data as a hash:
|
|
@@ -3086,7 +3263,7 @@ module Aws::WAFV2
|
|
|
3086
3263
|
# }
|
|
3087
3264
|
#
|
|
3088
3265
|
# @!attribute [rw] name
|
|
3089
|
-
# The name of the rule to
|
|
3266
|
+
# The name of the rule whose action you want to override to `Count`.
|
|
3090
3267
|
# @return [String]
|
|
3091
3268
|
#
|
|
3092
3269
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ExcludedRule AWS API Documentation
|
|
@@ -3241,7 +3418,7 @@ module Aws::WAFV2
|
|
|
3241
3418
|
# conditions: [ # required
|
|
3242
3419
|
# {
|
|
3243
3420
|
# action_condition: {
|
|
3244
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
3421
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
3245
3422
|
# },
|
|
3246
3423
|
# label_name_condition: {
|
|
3247
3424
|
# label_name: "LabelName", # required
|
|
@@ -3297,22 +3474,21 @@ module Aws::WAFV2
|
|
|
3297
3474
|
# @return [Types::FirewallManagerStatement]
|
|
3298
3475
|
#
|
|
3299
3476
|
# @!attribute [rw] override_action
|
|
3300
|
-
# The
|
|
3301
|
-
#
|
|
3302
|
-
#
|
|
3303
|
-
#
|
|
3304
|
-
# Set the override action to none to leave the rule actions in effect.
|
|
3305
|
-
# Set it to count to only count matches, regardless of the rule action
|
|
3306
|
-
# settings.
|
|
3477
|
+
# The action to use in the place of the action that results from the
|
|
3478
|
+
# rule group evaluation. Set the override action to none to leave the
|
|
3479
|
+
# result of the rule group alone. Set it to count to override the
|
|
3480
|
+
# result to count only.
|
|
3307
3481
|
#
|
|
3308
|
-
#
|
|
3309
|
-
#
|
|
3482
|
+
# You can only use this for rule statements that reference a rule
|
|
3483
|
+
# group, like `RuleGroupReferenceStatement` and
|
|
3484
|
+
# `ManagedRuleGroupStatement`.
|
|
3310
3485
|
#
|
|
3311
|
-
#
|
|
3312
|
-
#
|
|
3486
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
3487
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
3488
|
+
# group to only count matches, do not use this and instead exclude
|
|
3489
|
+
# those rules in your rule group reference statement settings.
|
|
3313
3490
|
#
|
|
3314
|
-
#
|
|
3315
|
-
# rule action setting and not this rule override action setting.
|
|
3491
|
+
# </note>
|
|
3316
3492
|
# @return [Types::OverrideAction]
|
|
3317
3493
|
#
|
|
3318
3494
|
# @!attribute [rw] visibility_config
|
|
@@ -4443,6 +4619,29 @@ module Aws::WAFV2
|
|
|
4443
4619
|
include Aws::Structure
|
|
4444
4620
|
end
|
|
4445
4621
|
|
|
4622
|
+
# Determines how long a `CAPTCHA` token remains valid after the client
|
|
4623
|
+
# successfully solves a `CAPTCHA` puzzle.
|
|
4624
|
+
#
|
|
4625
|
+
# @note When making an API call, you may pass ImmunityTimeProperty
|
|
4626
|
+
# data as a hash:
|
|
4627
|
+
#
|
|
4628
|
+
# {
|
|
4629
|
+
# immunity_time: 1, # required
|
|
4630
|
+
# }
|
|
4631
|
+
#
|
|
4632
|
+
# @!attribute [rw] immunity_time
|
|
4633
|
+
# The amount of time, in seconds, that a `CAPTCHA` token is valid. The
|
|
4634
|
+
# default setting is 300.
|
|
4635
|
+
# @return [Integer]
|
|
4636
|
+
#
|
|
4637
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ImmunityTimeProperty AWS API Documentation
|
|
4638
|
+
#
|
|
4639
|
+
class ImmunityTimeProperty < Struct.new(
|
|
4640
|
+
:immunity_time)
|
|
4641
|
+
SENSITIVE = []
|
|
4642
|
+
include Aws::Structure
|
|
4643
|
+
end
|
|
4644
|
+
|
|
4446
4645
|
# The body of a web request, inspected as JSON. The body immediately
|
|
4447
4646
|
# follows the request headers. This is used in the FieldToMatch
|
|
4448
4647
|
# specification.
|
|
@@ -4923,7 +5122,7 @@ module Aws::WAFV2
|
|
|
4923
5122
|
# data as a hash:
|
|
4924
5123
|
#
|
|
4925
5124
|
# {
|
|
4926
|
-
# scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
|
|
5125
|
+
# scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
|
|
4927
5126
|
# next_marker: "NextMarker",
|
|
4928
5127
|
# limit: 1,
|
|
4929
5128
|
# }
|
|
@@ -5364,11 +5563,18 @@ module Aws::WAFV2
|
|
|
5364
5563
|
include Aws::Structure
|
|
5365
5564
|
end
|
|
5366
5565
|
|
|
5367
|
-
# Defines an association between
|
|
5368
|
-
#
|
|
5369
|
-
#
|
|
5370
|
-
#
|
|
5371
|
-
#
|
|
5566
|
+
# Defines an association between logging destinations and a web ACL
|
|
5567
|
+
# resource, for logging from WAF. As part of the association, you can
|
|
5568
|
+
# specify parts of the standard logging fields to keep out of the logs
|
|
5569
|
+
# and you can specify filters so that you log only a subset of the
|
|
5570
|
+
# logging records.
|
|
5571
|
+
#
|
|
5572
|
+
# For information about configuring web ACL logging destinations, see
|
|
5573
|
+
# [Logging web ACL traffic information][1] in the *WAF Developer Guide*.
|
|
5574
|
+
#
|
|
5575
|
+
#
|
|
5576
|
+
#
|
|
5577
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
|
|
5372
5578
|
#
|
|
5373
5579
|
# @note When making an API call, you may pass LoggingConfiguration
|
|
5374
5580
|
# data as a hash:
|
|
@@ -5414,7 +5620,7 @@ module Aws::WAFV2
|
|
|
5414
5620
|
# conditions: [ # required
|
|
5415
5621
|
# {
|
|
5416
5622
|
# action_condition: {
|
|
5417
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
5623
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
5418
5624
|
# },
|
|
5419
5625
|
# label_name_condition: {
|
|
5420
5626
|
# label_name: "LabelName", # required
|
|
@@ -5433,14 +5639,14 @@ module Aws::WAFV2
|
|
|
5433
5639
|
# @return [String]
|
|
5434
5640
|
#
|
|
5435
5641
|
# @!attribute [rw] log_destination_configs
|
|
5436
|
-
# The Amazon
|
|
5642
|
+
# The Amazon Resource Names (ARNs) of the logging destinations that
|
|
5437
5643
|
# you want to associate with the web ACL.
|
|
5438
5644
|
# @return [Array<String>]
|
|
5439
5645
|
#
|
|
5440
5646
|
# @!attribute [rw] redacted_fields
|
|
5441
5647
|
# The parts of the request that you want to keep out of the logs. For
|
|
5442
5648
|
# example, if you redact the `SingleHeader` field, the `HEADER` field
|
|
5443
|
-
# in the
|
|
5649
|
+
# in the logs will be `xxx`.
|
|
5444
5650
|
#
|
|
5445
5651
|
# <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
|
|
5446
5652
|
# `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
|
|
@@ -5490,7 +5696,7 @@ module Aws::WAFV2
|
|
|
5490
5696
|
# conditions: [ # required
|
|
5491
5697
|
# {
|
|
5492
5698
|
# action_condition: {
|
|
5493
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
5699
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
5494
5700
|
# },
|
|
5495
5701
|
# label_name_condition: {
|
|
5496
5702
|
# label_name: "LabelName", # required
|
|
@@ -5850,9 +6056,11 @@ module Aws::WAFV2
|
|
|
5850
6056
|
# @return [String]
|
|
5851
6057
|
#
|
|
5852
6058
|
# @!attribute [rw] excluded_rules
|
|
5853
|
-
# The rules whose actions are set to
|
|
5854
|
-
#
|
|
5855
|
-
#
|
|
6059
|
+
# The rules in the referenced rule group whose actions are set to
|
|
6060
|
+
# `Count`. When you exclude a rule, WAF evaluates it exactly as it
|
|
6061
|
+
# would if the rule action setting were `Count`. This is a useful
|
|
6062
|
+
# option for testing the rules in a rule group without modifying how
|
|
6063
|
+
# they handle your web traffic.
|
|
5856
6064
|
# @return [Array<Types::ExcludedRule>]
|
|
5857
6065
|
#
|
|
5858
6066
|
# @!attribute [rw] scope_down_statement
|
|
@@ -6174,9 +6382,9 @@ module Aws::WAFV2
|
|
|
6174
6382
|
#
|
|
6175
6383
|
class Method < Aws::EmptyStructure; end
|
|
6176
6384
|
|
|
6177
|
-
# Specifies that WAF should do nothing. This is
|
|
6178
|
-
#
|
|
6179
|
-
#
|
|
6385
|
+
# Specifies that WAF should do nothing. This is used for the
|
|
6386
|
+
# `OverrideAction` setting on a Rule when the rule uses a rule group
|
|
6387
|
+
# reference statement.
|
|
6180
6388
|
#
|
|
6181
6389
|
# This is used in the context of other settings, for example to specify
|
|
6182
6390
|
# values for RuleAction and web ACL DefaultAction.
|
|
@@ -6807,22 +7015,20 @@ module Aws::WAFV2
|
|
|
6807
7015
|
include Aws::Structure
|
|
6808
7016
|
end
|
|
6809
7017
|
|
|
6810
|
-
# The
|
|
6811
|
-
#
|
|
6812
|
-
#
|
|
6813
|
-
#
|
|
6814
|
-
# Set the override action to none to leave the rule actions in effect.
|
|
6815
|
-
# Set it to count to only count matches, regardless of the rule action
|
|
6816
|
-
# settings.
|
|
7018
|
+
# The action to use in the place of the action that results from the
|
|
7019
|
+
# rule group evaluation. Set the override action to none to leave the
|
|
7020
|
+
# result of the rule group alone. Set it to count to override the result
|
|
7021
|
+
# to count only.
|
|
6817
7022
|
#
|
|
6818
|
-
#
|
|
6819
|
-
#
|
|
7023
|
+
# You can only use this for rule statements that reference a rule group,
|
|
7024
|
+
# like `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
|
6820
7025
|
#
|
|
6821
|
-
#
|
|
6822
|
-
#
|
|
7026
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
7027
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
7028
|
+
# group to only count matches, do not use this and instead exclude those
|
|
7029
|
+
# rules in your rule group reference statement settings.
|
|
6823
7030
|
#
|
|
6824
|
-
#
|
|
6825
|
-
# action setting and not this rule override action setting.
|
|
7031
|
+
# </note>
|
|
6826
7032
|
#
|
|
6827
7033
|
# @note When making an API call, you may pass OverrideAction
|
|
6828
7034
|
# data as a hash:
|
|
@@ -6843,11 +7049,19 @@ module Aws::WAFV2
|
|
|
6843
7049
|
# }
|
|
6844
7050
|
#
|
|
6845
7051
|
# @!attribute [rw] count
|
|
6846
|
-
# Override the rule
|
|
7052
|
+
# Override the rule group evaluation result to count only.
|
|
7053
|
+
#
|
|
7054
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
7055
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
7056
|
+
# group to only count matches, do not use this and instead exclude
|
|
7057
|
+
# those rules in your rule group reference statement settings.
|
|
7058
|
+
#
|
|
7059
|
+
# </note>
|
|
6847
7060
|
# @return [Types::CountAction]
|
|
6848
7061
|
#
|
|
6849
7062
|
# @!attribute [rw] none
|
|
6850
|
-
# Don't override the rule
|
|
7063
|
+
# Don't override the rule group evaluation result. This is the most
|
|
7064
|
+
# common setting.
|
|
6851
7065
|
# @return [Types::NoneAction]
|
|
6852
7066
|
#
|
|
6853
7067
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/OverrideAction AWS API Documentation
|
|
@@ -6904,7 +7118,7 @@ module Aws::WAFV2
|
|
|
6904
7118
|
# conditions: [ # required
|
|
6905
7119
|
# {
|
|
6906
7120
|
# action_condition: {
|
|
6907
|
-
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
|
|
7121
|
+
# action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
|
|
6908
7122
|
# },
|
|
6909
7123
|
# label_name_condition: {
|
|
6910
7124
|
# label_name: "LabelName", # required
|
|
@@ -8116,6 +8330,16 @@ module Aws::WAFV2
|
|
|
8116
8330
|
# ],
|
|
8117
8331
|
# },
|
|
8118
8332
|
# },
|
|
8333
|
+
# captcha: {
|
|
8334
|
+
# custom_request_handling: {
|
|
8335
|
+
# insert_headers: [ # required
|
|
8336
|
+
# {
|
|
8337
|
+
# name: "CustomHTTPHeaderName", # required
|
|
8338
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
8339
|
+
# },
|
|
8340
|
+
# ],
|
|
8341
|
+
# },
|
|
8342
|
+
# },
|
|
8119
8343
|
# },
|
|
8120
8344
|
# override_action: {
|
|
8121
8345
|
# count: {
|
|
@@ -8141,6 +8365,11 @@ module Aws::WAFV2
|
|
|
8141
8365
|
# cloud_watch_metrics_enabled: false, # required
|
|
8142
8366
|
# metric_name: "MetricName", # required
|
|
8143
8367
|
# },
|
|
8368
|
+
# captcha_config: {
|
|
8369
|
+
# immunity_time_property: {
|
|
8370
|
+
# immunity_time: 1, # required
|
|
8371
|
+
# },
|
|
8372
|
+
# },
|
|
8144
8373
|
# }
|
|
8145
8374
|
#
|
|
8146
8375
|
# @!attribute [rw] name
|
|
@@ -8181,22 +8410,21 @@ module Aws::WAFV2
|
|
|
8181
8410
|
# @return [Types::RuleAction]
|
|
8182
8411
|
#
|
|
8183
8412
|
# @!attribute [rw] override_action
|
|
8184
|
-
# The
|
|
8185
|
-
#
|
|
8186
|
-
#
|
|
8187
|
-
#
|
|
8188
|
-
# Set the override action to none to leave the rule actions in effect.
|
|
8189
|
-
# Set it to count to only count matches, regardless of the rule action
|
|
8190
|
-
# settings.
|
|
8413
|
+
# The action to use in the place of the action that results from the
|
|
8414
|
+
# rule group evaluation. Set the override action to none to leave the
|
|
8415
|
+
# result of the rule group alone. Set it to count to override the
|
|
8416
|
+
# result to count only.
|
|
8191
8417
|
#
|
|
8192
|
-
#
|
|
8193
|
-
#
|
|
8418
|
+
# You can only use this for rule statements that reference a rule
|
|
8419
|
+
# group, like `RuleGroupReferenceStatement` and
|
|
8420
|
+
# `ManagedRuleGroupStatement`.
|
|
8194
8421
|
#
|
|
8195
|
-
#
|
|
8196
|
-
#
|
|
8422
|
+
# <note markdown="1"> This option is usually set to none. It does not affect how the rules
|
|
8423
|
+
# in the rule group are evaluated. If you want the rules in the rule
|
|
8424
|
+
# group to only count matches, do not use this and instead exclude
|
|
8425
|
+
# those rules in your rule group reference statement settings.
|
|
8197
8426
|
#
|
|
8198
|
-
#
|
|
8199
|
-
# rule action setting and not this rule override action setting.
|
|
8427
|
+
# </note>
|
|
8200
8428
|
# @return [Types::OverrideAction]
|
|
8201
8429
|
#
|
|
8202
8430
|
# @!attribute [rw] rule_labels
|
|
@@ -8230,6 +8458,12 @@ module Aws::WAFV2
|
|
|
8230
8458
|
# collection.
|
|
8231
8459
|
# @return [Types::VisibilityConfig]
|
|
8232
8460
|
#
|
|
8461
|
+
# @!attribute [rw] captcha_config
|
|
8462
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations. If you don't
|
|
8463
|
+
# specify this, WAF uses the `CAPTCHA` configuration that's defined
|
|
8464
|
+
# for the web ACL.
|
|
8465
|
+
# @return [Types::CaptchaConfig]
|
|
8466
|
+
#
|
|
8233
8467
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation
|
|
8234
8468
|
#
|
|
8235
8469
|
class Rule < Struct.new(
|
|
@@ -8239,7 +8473,8 @@ module Aws::WAFV2
|
|
|
8239
8473
|
:action,
|
|
8240
8474
|
:override_action,
|
|
8241
8475
|
:rule_labels,
|
|
8242
|
-
:visibility_config
|
|
8476
|
+
:visibility_config,
|
|
8477
|
+
:captcha_config)
|
|
8243
8478
|
SENSITIVE = []
|
|
8244
8479
|
include Aws::Structure
|
|
8245
8480
|
end
|
|
@@ -8284,6 +8519,16 @@ module Aws::WAFV2
|
|
|
8284
8519
|
# ],
|
|
8285
8520
|
# },
|
|
8286
8521
|
# },
|
|
8522
|
+
# captcha: {
|
|
8523
|
+
# custom_request_handling: {
|
|
8524
|
+
# insert_headers: [ # required
|
|
8525
|
+
# {
|
|
8526
|
+
# name: "CustomHTTPHeaderName", # required
|
|
8527
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
8528
|
+
# },
|
|
8529
|
+
# ],
|
|
8530
|
+
# },
|
|
8531
|
+
# },
|
|
8287
8532
|
# }
|
|
8288
8533
|
#
|
|
8289
8534
|
# @!attribute [rw] block
|
|
@@ -8298,12 +8543,17 @@ module Aws::WAFV2
|
|
|
8298
8543
|
# Instructs WAF to count the web request and allow it.
|
|
8299
8544
|
# @return [Types::CountAction]
|
|
8300
8545
|
#
|
|
8546
|
+
# @!attribute [rw] captcha
|
|
8547
|
+
# Instructs WAF to run a `CAPTCHA` check against the web request.
|
|
8548
|
+
# @return [Types::CaptchaAction]
|
|
8549
|
+
#
|
|
8301
8550
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
|
|
8302
8551
|
#
|
|
8303
8552
|
class RuleAction < Struct.new(
|
|
8304
8553
|
:block,
|
|
8305
8554
|
:allow,
|
|
8306
|
-
:count
|
|
8555
|
+
:count,
|
|
8556
|
+
:captcha)
|
|
8307
8557
|
SENSITIVE = []
|
|
8308
8558
|
include Aws::Structure
|
|
8309
8559
|
end
|
|
@@ -8457,8 +8707,11 @@ module Aws::WAFV2
|
|
|
8457
8707
|
# @return [String]
|
|
8458
8708
|
#
|
|
8459
8709
|
# @!attribute [rw] excluded_rules
|
|
8460
|
-
# The
|
|
8461
|
-
# you
|
|
8710
|
+
# The rules in the referenced rule group whose actions are set to
|
|
8711
|
+
# `Count`. When you exclude a rule, WAF evaluates it exactly as it
|
|
8712
|
+
# would if the rule action setting were `Count`. This is a useful
|
|
8713
|
+
# option for testing the rules in a rule group without modifying how
|
|
8714
|
+
# they handle your web traffic.
|
|
8462
8715
|
# @return [Array<Types::ExcludedRule>]
|
|
8463
8716
|
#
|
|
8464
8717
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
|
|
@@ -8567,8 +8820,8 @@ module Aws::WAFV2
|
|
|
8567
8820
|
# @return [Time]
|
|
8568
8821
|
#
|
|
8569
8822
|
# @!attribute [rw] action
|
|
8570
|
-
# The action for the `Rule` that the request matched: `
|
|
8571
|
-
# `
|
|
8823
|
+
# The action for the `Rule` that the request matched: `Allow`,
|
|
8824
|
+
# `Block`, or `Count`.
|
|
8572
8825
|
# @return [String]
|
|
8573
8826
|
#
|
|
8574
8827
|
# @!attribute [rw] rule_name_within_rule_group
|
|
@@ -8599,6 +8852,10 @@ module Aws::WAFV2
|
|
|
8599
8852
|
# or `awswaf:managed:aws:managed-rule-set:header:encoding:utf8`.
|
|
8600
8853
|
# @return [Array<Types::Label>]
|
|
8601
8854
|
#
|
|
8855
|
+
# @!attribute [rw] captcha_response
|
|
8856
|
+
# The `CAPTCHA` response for the request.
|
|
8857
|
+
# @return [Types::CaptchaResponse]
|
|
8858
|
+
#
|
|
8602
8859
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
|
|
8603
8860
|
#
|
|
8604
8861
|
class SampledHTTPRequest < Struct.new(
|
|
@@ -8609,7 +8866,8 @@ module Aws::WAFV2
|
|
|
8609
8866
|
:rule_name_within_rule_group,
|
|
8610
8867
|
:request_headers_inserted,
|
|
8611
8868
|
:response_code_sent,
|
|
8612
|
-
:labels
|
|
8869
|
+
:labels,
|
|
8870
|
+
:captcha_response)
|
|
8613
8871
|
SENSITIVE = []
|
|
8614
8872
|
include Aws::Structure
|
|
8615
8873
|
end
|
|
@@ -11711,6 +11969,16 @@ module Aws::WAFV2
|
|
|
11711
11969
|
# ],
|
|
11712
11970
|
# },
|
|
11713
11971
|
# },
|
|
11972
|
+
# captcha: {
|
|
11973
|
+
# custom_request_handling: {
|
|
11974
|
+
# insert_headers: [ # required
|
|
11975
|
+
# {
|
|
11976
|
+
# name: "CustomHTTPHeaderName", # required
|
|
11977
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
11978
|
+
# },
|
|
11979
|
+
# ],
|
|
11980
|
+
# },
|
|
11981
|
+
# },
|
|
11714
11982
|
# },
|
|
11715
11983
|
# override_action: {
|
|
11716
11984
|
# count: {
|
|
@@ -11736,6 +12004,11 @@ module Aws::WAFV2
|
|
|
11736
12004
|
# cloud_watch_metrics_enabled: false, # required
|
|
11737
12005
|
# metric_name: "MetricName", # required
|
|
11738
12006
|
# },
|
|
12007
|
+
# captcha_config: {
|
|
12008
|
+
# immunity_time_property: {
|
|
12009
|
+
# immunity_time: 1, # required
|
|
12010
|
+
# },
|
|
12011
|
+
# },
|
|
11739
12012
|
# },
|
|
11740
12013
|
# ],
|
|
11741
12014
|
# visibility_config: { # required
|
|
@@ -12213,6 +12486,16 @@ module Aws::WAFV2
|
|
|
12213
12486
|
# ],
|
|
12214
12487
|
# },
|
|
12215
12488
|
# },
|
|
12489
|
+
# captcha: {
|
|
12490
|
+
# custom_request_handling: {
|
|
12491
|
+
# insert_headers: [ # required
|
|
12492
|
+
# {
|
|
12493
|
+
# name: "CustomHTTPHeaderName", # required
|
|
12494
|
+
# value: "CustomHTTPHeaderValue", # required
|
|
12495
|
+
# },
|
|
12496
|
+
# ],
|
|
12497
|
+
# },
|
|
12498
|
+
# },
|
|
12216
12499
|
# },
|
|
12217
12500
|
# override_action: {
|
|
12218
12501
|
# count: {
|
|
@@ -12238,6 +12521,11 @@ module Aws::WAFV2
|
|
|
12238
12521
|
# cloud_watch_metrics_enabled: false, # required
|
|
12239
12522
|
# metric_name: "MetricName", # required
|
|
12240
12523
|
# },
|
|
12524
|
+
# captcha_config: {
|
|
12525
|
+
# immunity_time_property: {
|
|
12526
|
+
# immunity_time: 1, # required
|
|
12527
|
+
# },
|
|
12528
|
+
# },
|
|
12241
12529
|
# },
|
|
12242
12530
|
# ],
|
|
12243
12531
|
# visibility_config: { # required
|
|
@@ -12252,6 +12540,11 @@ module Aws::WAFV2
|
|
|
12252
12540
|
# content: "ResponseContent", # required
|
|
12253
12541
|
# },
|
|
12254
12542
|
# },
|
|
12543
|
+
# captcha_config: {
|
|
12544
|
+
# immunity_time_property: {
|
|
12545
|
+
# immunity_time: 1, # required
|
|
12546
|
+
# },
|
|
12547
|
+
# },
|
|
12255
12548
|
# }
|
|
12256
12549
|
#
|
|
12257
12550
|
# @!attribute [rw] name
|
|
@@ -12334,6 +12627,12 @@ module Aws::WAFV2
|
|
|
12334
12627
|
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
|
12335
12628
|
# @return [Hash<String,Types::CustomResponseBody>]
|
|
12336
12629
|
#
|
|
12630
|
+
# @!attribute [rw] captcha_config
|
|
12631
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations for rules that
|
|
12632
|
+
# don't have their own `CaptchaConfig` settings. If you don't
|
|
12633
|
+
# specify this, WAF uses its default settings for `CaptchaConfig`.
|
|
12634
|
+
# @return [Types::CaptchaConfig]
|
|
12635
|
+
#
|
|
12337
12636
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
|
|
12338
12637
|
#
|
|
12339
12638
|
class UpdateWebACLRequest < Struct.new(
|
|
@@ -12345,7 +12644,8 @@ module Aws::WAFV2
|
|
|
12345
12644
|
:rules,
|
|
12346
12645
|
:visibility_config,
|
|
12347
12646
|
:lock_token,
|
|
12348
|
-
:custom_response_bodies
|
|
12647
|
+
:custom_response_bodies,
|
|
12648
|
+
:captcha_config)
|
|
12349
12649
|
SENSITIVE = []
|
|
12350
12650
|
include Aws::Structure
|
|
12351
12651
|
end
|
|
@@ -12647,6 +12947,25 @@ module Aws::WAFV2
|
|
|
12647
12947
|
include Aws::Structure
|
|
12648
12948
|
end
|
|
12649
12949
|
|
|
12950
|
+
# The operation failed because you don't have the permissions that your
|
|
12951
|
+
# logging configuration requires. For information, see [Logging web ACL
|
|
12952
|
+
# traffic information][1] in the *WAF Developer Guide*.
|
|
12953
|
+
#
|
|
12954
|
+
#
|
|
12955
|
+
#
|
|
12956
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
|
|
12957
|
+
#
|
|
12958
|
+
# @!attribute [rw] message
|
|
12959
|
+
# @return [String]
|
|
12960
|
+
#
|
|
12961
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFLogDestinationPermissionIssueException AWS API Documentation
|
|
12962
|
+
#
|
|
12963
|
+
class WAFLogDestinationPermissionIssueException < Struct.new(
|
|
12964
|
+
:message)
|
|
12965
|
+
SENSITIVE = []
|
|
12966
|
+
include Aws::Structure
|
|
12967
|
+
end
|
|
12968
|
+
|
|
12650
12969
|
# WAF couldn’t perform the operation because your resource doesn’t
|
|
12651
12970
|
# exist.
|
|
12652
12971
|
#
|
|
@@ -12885,6 +13204,12 @@ module Aws::WAFV2
|
|
|
12885
13204
|
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
|
12886
13205
|
# @return [Hash<String,Types::CustomResponseBody>]
|
|
12887
13206
|
#
|
|
13207
|
+
# @!attribute [rw] captcha_config
|
|
13208
|
+
# Specifies how WAF should handle `CAPTCHA` evaluations for rules that
|
|
13209
|
+
# don't have their own `CaptchaConfig` settings. If you don't
|
|
13210
|
+
# specify this, WAF uses its default settings for `CaptchaConfig`.
|
|
13211
|
+
# @return [Types::CaptchaConfig]
|
|
13212
|
+
#
|
|
12888
13213
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
|
|
12889
13214
|
#
|
|
12890
13215
|
class WebACL < Struct.new(
|
|
@@ -12900,7 +13225,8 @@ module Aws::WAFV2
|
|
|
12900
13225
|
:post_process_firewall_manager_rule_groups,
|
|
12901
13226
|
:managed_by_firewall_manager,
|
|
12902
13227
|
:label_namespace,
|
|
12903
|
-
:custom_response_bodies
|
|
13228
|
+
:custom_response_bodies,
|
|
13229
|
+
:captcha_config)
|
|
12904
13230
|
SENSITIVE = []
|
|
12905
13231
|
include Aws::Structure
|
|
12906
13232
|
end
|