aws-sdk-wafv2 1.43.0 → 1.44.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -10,18 +10,53 @@
10
10
  module Aws::WAFV2
11
11
  module Types
12
12
 
13
+ # Details for your use of the Bot Control managed rule group, used in
14
+ # `ManagedRuleGroupConfig`.
15
+ #
16
+ # @note When making an API call, you may pass AWSManagedRulesBotControlRuleSet
17
+ # data as a hash:
18
+ #
19
+ # {
20
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
21
+ # }
22
+ #
23
+ # @!attribute [rw] inspection_level
24
+ # The inspection level to use for the Bot Control rule group. The
25
+ # common level is the least expensive. The targeted level includes all
26
+ # common level rules and adds rules with more advanced inspection
27
+ # criteria. For details, see [WAF Bot Control rule group][1].
28
+ #
29
+ #
30
+ #
31
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
32
+ # @return [String]
33
+ #
34
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesBotControlRuleSet AWS API Documentation
35
+ #
36
+ class AWSManagedRulesBotControlRuleSet < Struct.new(
37
+ :inspection_level)
38
+ SENSITIVE = []
39
+ include Aws::Structure
40
+ end
41
+
13
42
  # A single action condition for a Condition in a logging filter.
14
43
  #
15
44
  # @note When making an API call, you may pass ActionCondition
16
45
  # data as a hash:
17
46
  #
18
47
  # {
19
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
48
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
20
49
  # }
21
50
  #
22
51
  # @!attribute [rw] action
23
52
  # The action setting that a log record must contain in order to meet
24
- # the condition.
53
+ # the condition. This is the action that WAF applied to the web
54
+ # request.
55
+ #
56
+ # For rule groups, this is either the configured rule action setting,
57
+ # or if you've applied a rule action override to the rule, it's the
58
+ # override action. The value `EXCLUDED_AS_COUNT` matches on excluded
59
+ # rules and also on rules that have a rule action override of Count.
25
60
  # @return [String]
26
61
  #
27
62
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ActionCondition AWS API Documentation
@@ -358,6 +393,65 @@ module Aws::WAFV2
358
393
  # name: "EntityName", # required
359
394
  # },
360
395
  # ],
396
+ # rule_action_overrides: [
397
+ # {
398
+ # name: "EntityName", # required
399
+ # action_to_use: { # required
400
+ # block: {
401
+ # custom_response: {
402
+ # response_code: 1, # required
403
+ # custom_response_body_key: "EntityName",
404
+ # response_headers: [
405
+ # {
406
+ # name: "CustomHTTPHeaderName", # required
407
+ # value: "CustomHTTPHeaderValue", # required
408
+ # },
409
+ # ],
410
+ # },
411
+ # },
412
+ # allow: {
413
+ # custom_request_handling: {
414
+ # insert_headers: [ # required
415
+ # {
416
+ # name: "CustomHTTPHeaderName", # required
417
+ # value: "CustomHTTPHeaderValue", # required
418
+ # },
419
+ # ],
420
+ # },
421
+ # },
422
+ # count: {
423
+ # custom_request_handling: {
424
+ # insert_headers: [ # required
425
+ # {
426
+ # name: "CustomHTTPHeaderName", # required
427
+ # value: "CustomHTTPHeaderValue", # required
428
+ # },
429
+ # ],
430
+ # },
431
+ # },
432
+ # captcha: {
433
+ # custom_request_handling: {
434
+ # insert_headers: [ # required
435
+ # {
436
+ # name: "CustomHTTPHeaderName", # required
437
+ # value: "CustomHTTPHeaderValue", # required
438
+ # },
439
+ # ],
440
+ # },
441
+ # },
442
+ # challenge: {
443
+ # custom_request_handling: {
444
+ # insert_headers: [ # required
445
+ # {
446
+ # name: "CustomHTTPHeaderName", # required
447
+ # value: "CustomHTTPHeaderValue", # required
448
+ # },
449
+ # ],
450
+ # },
451
+ # },
452
+ # },
453
+ # },
454
+ # ],
361
455
  # },
362
456
  # ip_set_reference_statement: {
363
457
  # arn: "ResourceArn", # required
@@ -473,6 +567,68 @@ module Aws::WAFV2
473
567
  # password_field: {
474
568
  # identifier: "FieldIdentifier", # required
475
569
  # },
570
+ # aws_managed_rules_bot_control_rule_set: {
571
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
572
+ # },
573
+ # },
574
+ # ],
575
+ # rule_action_overrides: [
576
+ # {
577
+ # name: "EntityName", # required
578
+ # action_to_use: { # required
579
+ # block: {
580
+ # custom_response: {
581
+ # response_code: 1, # required
582
+ # custom_response_body_key: "EntityName",
583
+ # response_headers: [
584
+ # {
585
+ # name: "CustomHTTPHeaderName", # required
586
+ # value: "CustomHTTPHeaderValue", # required
587
+ # },
588
+ # ],
589
+ # },
590
+ # },
591
+ # allow: {
592
+ # custom_request_handling: {
593
+ # insert_headers: [ # required
594
+ # {
595
+ # name: "CustomHTTPHeaderName", # required
596
+ # value: "CustomHTTPHeaderValue", # required
597
+ # },
598
+ # ],
599
+ # },
600
+ # },
601
+ # count: {
602
+ # custom_request_handling: {
603
+ # insert_headers: [ # required
604
+ # {
605
+ # name: "CustomHTTPHeaderName", # required
606
+ # value: "CustomHTTPHeaderValue", # required
607
+ # },
608
+ # ],
609
+ # },
610
+ # },
611
+ # captcha: {
612
+ # custom_request_handling: {
613
+ # insert_headers: [ # required
614
+ # {
615
+ # name: "CustomHTTPHeaderName", # required
616
+ # value: "CustomHTTPHeaderValue", # required
617
+ # },
618
+ # ],
619
+ # },
620
+ # },
621
+ # challenge: {
622
+ # custom_request_handling: {
623
+ # insert_headers: [ # required
624
+ # {
625
+ # name: "CustomHTTPHeaderName", # required
626
+ # value: "CustomHTTPHeaderValue", # required
627
+ # },
628
+ # ],
629
+ # },
630
+ # },
631
+ # },
476
632
  # },
477
633
  # ],
478
634
  # },
@@ -864,11 +1020,12 @@ module Aws::WAFV2
864
1020
  # Specifies that WAF should run a `CAPTCHA` check against the request:
865
1021
  #
866
1022
  # * If the request includes a valid, unexpired `CAPTCHA` token, WAF
867
- # allows the web request inspection to proceed to the next rule,
868
- # similar to a `CountAction`.
1023
+ # applies any custom request handling and labels that you've
1024
+ # configured and then allows the web request inspection to proceed to
1025
+ # the next rule, similar to a `CountAction`.
869
1026
  #
870
- # * If the request doesn't include a valid, unexpired `CAPTCHA` token,
871
- # WAF discontinues the web ACL evaluation of the request and blocks it
1027
+ # * If the request doesn't include a valid, unexpired token, WAF
1028
+ # discontinues the web ACL evaluation of the request and blocks it
872
1029
  # from going to its intended destination.
873
1030
  #
874
1031
  # WAF generates a response that it sends back to the client, which
@@ -879,7 +1036,8 @@ module Aws::WAFV2
879
1036
  # * The HTTP status code `405 Method Not Allowed`.
880
1037
  #
881
1038
  # * If the request contains an `Accept` header with a value of
882
- # `text/html`, the response includes a `CAPTCHA` challenge.
1039
+ # `text/html`, the response includes a `CAPTCHA` JavaScript page
1040
+ # interstitial.
883
1041
  #
884
1042
  # You can configure the expiration time in the `CaptchaConfig`
885
1043
  # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
@@ -903,7 +1061,9 @@ module Aws::WAFV2
903
1061
  # }
904
1062
  #
905
1063
  # @!attribute [rw] custom_request_handling
906
- # Defines custom handling for the web request.
1064
+ # Defines custom handling for the web request, used when the `CAPTCHA`
1065
+ # inspection determines that the request's token is valid and
1066
+ # unexpired.
907
1067
  #
908
1068
  # For information about customizing web requests and responses, see
909
1069
  # [Customizing web requests and responses in WAF][1] in the [WAF
@@ -936,8 +1096,8 @@ module Aws::WAFV2
936
1096
  # }
937
1097
  #
938
1098
  # @!attribute [rw] immunity_time_property
939
- # Determines how long a `CAPTCHA` token remains valid after the client
940
- # successfully solves a `CAPTCHA` puzzle.
1099
+ # Determines how long a `CAPTCHA` timestamp in the token remains valid
1100
+ # after the client successfully solves a `CAPTCHA` puzzle.
941
1101
  # @return [Types::ImmunityTimeProperty]
942
1102
  #
943
1103
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation
@@ -958,8 +1118,7 @@ module Aws::WAFV2
958
1118
  # @return [Integer]
959
1119
  #
960
1120
  # @!attribute [rw] solve_timestamp
961
- # The time that the `CAPTCHA` puzzle was solved for the supplied
962
- # token.
1121
+ # The time that the `CAPTCHA` was last solved for the supplied token.
963
1122
  # @return [Integer]
964
1123
  #
965
1124
  # @!attribute [rw] failure_reason
@@ -977,6 +1136,138 @@ module Aws::WAFV2
977
1136
  include Aws::Structure
978
1137
  end
979
1138
 
1139
+ # Specifies that WAF should run a `Challenge` check against the request
1140
+ # to verify that the request is coming from a legitimate client session:
1141
+ #
1142
+ # * If the request includes a valid, unexpired challenge token, WAF
1143
+ # applies any custom request handling and labels that you've
1144
+ # configured and then allows the web request inspection to proceed to
1145
+ # the next rule, similar to a `CountAction`.
1146
+ #
1147
+ # * If the request doesn't include a valid, unexpired challenge token,
1148
+ # WAF discontinues the web ACL evaluation of the request and blocks it
1149
+ # from going to its intended destination.
1150
+ #
1151
+ # WAF then generates a challenge response that it sends back to the
1152
+ # client, which includes the following:
1153
+ #
1154
+ # * The header `x-amzn-waf-action` with a value of `challenge`.
1155
+ #
1156
+ # * The HTTP status code `202 Request Accepted`.
1157
+ #
1158
+ # * If the request contains an `Accept` header with a value of
1159
+ # `text/html`, the response includes a JavaScript page interstitial
1160
+ # with a challenge script.
1161
+ #
1162
+ # Challenges run silent browser interrogations in the background, and
1163
+ # don't generally affect the end user experience.
1164
+ #
1165
+ # A challenge enforces token acquisition using an interstitial
1166
+ # JavaScript challenge that inspects the client session for legitimate
1167
+ # behavior. The challenge blocks bots or at least increases the cost
1168
+ # of operating sophisticated bots.
1169
+ #
1170
+ # After the client session successfully responds to the challenge, it
1171
+ # receives a new token from WAF, which the challenge script uses to
1172
+ # resubmit the original request.
1173
+ #
1174
+ # You can configure the expiration time in the `ChallengeConfig`
1175
+ # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
1176
+ # setting overrides the web ACL setting.
1177
+ #
1178
+ # This action option is available for rules. It isn't available for web
1179
+ # ACL default actions.
1180
+ #
1181
+ # @note When making an API call, you may pass ChallengeAction
1182
+ # data as a hash:
1183
+ #
1184
+ # {
1185
+ # custom_request_handling: {
1186
+ # insert_headers: [ # required
1187
+ # {
1188
+ # name: "CustomHTTPHeaderName", # required
1189
+ # value: "CustomHTTPHeaderValue", # required
1190
+ # },
1191
+ # ],
1192
+ # },
1193
+ # }
1194
+ #
1195
+ # @!attribute [rw] custom_request_handling
1196
+ # Defines custom handling for the web request, used when the challenge
1197
+ # inspection determines that the request's token is valid and
1198
+ # unexpired.
1199
+ #
1200
+ # For information about customizing web requests and responses, see
1201
+ # [Customizing web requests and responses in WAF][1] in the [WAF
1202
+ # Developer Guide][2].
1203
+ #
1204
+ #
1205
+ #
1206
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1207
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1208
+ # @return [Types::CustomRequestHandling]
1209
+ #
1210
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
1211
+ #
1212
+ class ChallengeAction < Struct.new(
1213
+ :custom_request_handling)
1214
+ SENSITIVE = []
1215
+ include Aws::Structure
1216
+ end
1217
+
1218
+ # Specifies how WAF should handle `Challenge` evaluations. This is
1219
+ # available at the web ACL level and in each rule.
1220
+ #
1221
+ # @note When making an API call, you may pass ChallengeConfig
1222
+ # data as a hash:
1223
+ #
1224
+ # {
1225
+ # immunity_time_property: {
1226
+ # immunity_time: 1, # required
1227
+ # },
1228
+ # }
1229
+ #
1230
+ # @!attribute [rw] immunity_time_property
1231
+ # Determines how long a challenge timestamp in the token remains valid
1232
+ # after the client successfully responds to a challenge.
1233
+ # @return [Types::ImmunityTimeProperty]
1234
+ #
1235
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeConfig AWS API Documentation
1236
+ #
1237
+ class ChallengeConfig < Struct.new(
1238
+ :immunity_time_property)
1239
+ SENSITIVE = []
1240
+ include Aws::Structure
1241
+ end
1242
+
1243
+ # The result from the inspection of the web request for a valid
1244
+ # challenge token.
1245
+ #
1246
+ # @!attribute [rw] response_code
1247
+ # The HTTP response code indicating the status of the challenge token
1248
+ # in the web request. If the token is missing, invalid, or expired,
1249
+ # this code is `202 Request Accepted`.
1250
+ # @return [Integer]
1251
+ #
1252
+ # @!attribute [rw] solve_timestamp
1253
+ # The time that the challenge was last solved for the supplied token.
1254
+ # @return [Integer]
1255
+ #
1256
+ # @!attribute [rw] failure_reason
1257
+ # The reason for failure, populated when the evaluation of the token
1258
+ # fails.
1259
+ # @return [String]
1260
+ #
1261
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeResponse AWS API Documentation
1262
+ #
1263
+ class ChallengeResponse < Struct.new(
1264
+ :response_code,
1265
+ :solve_timestamp,
1266
+ :failure_reason)
1267
+ SENSITIVE = []
1268
+ include Aws::Structure
1269
+ end
1270
+
980
1271
  # @note When making an API call, you may pass CheckCapacityRequest
981
1272
  # data as a hash:
982
1273
  #
@@ -1234,6 +1525,65 @@ module Aws::WAFV2
1234
1525
  # name: "EntityName", # required
1235
1526
  # },
1236
1527
  # ],
1528
+ # rule_action_overrides: [
1529
+ # {
1530
+ # name: "EntityName", # required
1531
+ # action_to_use: { # required
1532
+ # block: {
1533
+ # custom_response: {
1534
+ # response_code: 1, # required
1535
+ # custom_response_body_key: "EntityName",
1536
+ # response_headers: [
1537
+ # {
1538
+ # name: "CustomHTTPHeaderName", # required
1539
+ # value: "CustomHTTPHeaderValue", # required
1540
+ # },
1541
+ # ],
1542
+ # },
1543
+ # },
1544
+ # allow: {
1545
+ # custom_request_handling: {
1546
+ # insert_headers: [ # required
1547
+ # {
1548
+ # name: "CustomHTTPHeaderName", # required
1549
+ # value: "CustomHTTPHeaderValue", # required
1550
+ # },
1551
+ # ],
1552
+ # },
1553
+ # },
1554
+ # count: {
1555
+ # custom_request_handling: {
1556
+ # insert_headers: [ # required
1557
+ # {
1558
+ # name: "CustomHTTPHeaderName", # required
1559
+ # value: "CustomHTTPHeaderValue", # required
1560
+ # },
1561
+ # ],
1562
+ # },
1563
+ # },
1564
+ # captcha: {
1565
+ # custom_request_handling: {
1566
+ # insert_headers: [ # required
1567
+ # {
1568
+ # name: "CustomHTTPHeaderName", # required
1569
+ # value: "CustomHTTPHeaderValue", # required
1570
+ # },
1571
+ # ],
1572
+ # },
1573
+ # },
1574
+ # challenge: {
1575
+ # custom_request_handling: {
1576
+ # insert_headers: [ # required
1577
+ # {
1578
+ # name: "CustomHTTPHeaderName", # required
1579
+ # value: "CustomHTTPHeaderValue", # required
1580
+ # },
1581
+ # ],
1582
+ # },
1583
+ # },
1584
+ # },
1585
+ # },
1586
+ # ],
1237
1587
  # },
1238
1588
  # ip_set_reference_statement: {
1239
1589
  # arn: "ResourceArn", # required
@@ -1353,6 +1703,68 @@ module Aws::WAFV2
1353
1703
  # password_field: {
1354
1704
  # identifier: "FieldIdentifier", # required
1355
1705
  # },
1706
+ # aws_managed_rules_bot_control_rule_set: {
1707
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
1708
+ # },
1709
+ # },
1710
+ # ],
1711
+ # rule_action_overrides: [
1712
+ # {
1713
+ # name: "EntityName", # required
1714
+ # action_to_use: { # required
1715
+ # block: {
1716
+ # custom_response: {
1717
+ # response_code: 1, # required
1718
+ # custom_response_body_key: "EntityName",
1719
+ # response_headers: [
1720
+ # {
1721
+ # name: "CustomHTTPHeaderName", # required
1722
+ # value: "CustomHTTPHeaderValue", # required
1723
+ # },
1724
+ # ],
1725
+ # },
1726
+ # },
1727
+ # allow: {
1728
+ # custom_request_handling: {
1729
+ # insert_headers: [ # required
1730
+ # {
1731
+ # name: "CustomHTTPHeaderName", # required
1732
+ # value: "CustomHTTPHeaderValue", # required
1733
+ # },
1734
+ # ],
1735
+ # },
1736
+ # },
1737
+ # count: {
1738
+ # custom_request_handling: {
1739
+ # insert_headers: [ # required
1740
+ # {
1741
+ # name: "CustomHTTPHeaderName", # required
1742
+ # value: "CustomHTTPHeaderValue", # required
1743
+ # },
1744
+ # ],
1745
+ # },
1746
+ # },
1747
+ # captcha: {
1748
+ # custom_request_handling: {
1749
+ # insert_headers: [ # required
1750
+ # {
1751
+ # name: "CustomHTTPHeaderName", # required
1752
+ # value: "CustomHTTPHeaderValue", # required
1753
+ # },
1754
+ # ],
1755
+ # },
1756
+ # },
1757
+ # challenge: {
1758
+ # custom_request_handling: {
1759
+ # insert_headers: [ # required
1760
+ # {
1761
+ # name: "CustomHTTPHeaderName", # required
1762
+ # value: "CustomHTTPHeaderValue", # required
1763
+ # },
1764
+ # ],
1765
+ # },
1766
+ # },
1767
+ # },
1356
1768
  # },
1357
1769
  # ],
1358
1770
  # },
@@ -1462,6 +1874,16 @@ module Aws::WAFV2
1462
1874
  # ],
1463
1875
  # },
1464
1876
  # },
1877
+ # challenge: {
1878
+ # custom_request_handling: {
1879
+ # insert_headers: [ # required
1880
+ # {
1881
+ # name: "CustomHTTPHeaderName", # required
1882
+ # value: "CustomHTTPHeaderValue", # required
1883
+ # },
1884
+ # ],
1885
+ # },
1886
+ # },
1465
1887
  # },
1466
1888
  # override_action: {
1467
1889
  # count: {
@@ -1492,6 +1914,11 @@ module Aws::WAFV2
1492
1914
  # immunity_time: 1, # required
1493
1915
  # },
1494
1916
  # },
1917
+ # challenge_config: {
1918
+ # immunity_time_property: {
1919
+ # immunity_time: 1, # required
1920
+ # },
1921
+ # },
1495
1922
  # },
1496
1923
  # ],
1497
1924
  # }
@@ -1544,7 +1971,7 @@ module Aws::WAFV2
1544
1971
  #
1545
1972
  # {
1546
1973
  # action_condition: {
1547
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
1974
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
1548
1975
  # },
1549
1976
  # label_name_condition: {
1550
1977
  # label_name: "LabelName", # required
@@ -2189,6 +2616,65 @@ module Aws::WAFV2
2189
2616
  # name: "EntityName", # required
2190
2617
  # },
2191
2618
  # ],
2619
+ # rule_action_overrides: [
2620
+ # {
2621
+ # name: "EntityName", # required
2622
+ # action_to_use: { # required
2623
+ # block: {
2624
+ # custom_response: {
2625
+ # response_code: 1, # required
2626
+ # custom_response_body_key: "EntityName",
2627
+ # response_headers: [
2628
+ # {
2629
+ # name: "CustomHTTPHeaderName", # required
2630
+ # value: "CustomHTTPHeaderValue", # required
2631
+ # },
2632
+ # ],
2633
+ # },
2634
+ # },
2635
+ # allow: {
2636
+ # custom_request_handling: {
2637
+ # insert_headers: [ # required
2638
+ # {
2639
+ # name: "CustomHTTPHeaderName", # required
2640
+ # value: "CustomHTTPHeaderValue", # required
2641
+ # },
2642
+ # ],
2643
+ # },
2644
+ # },
2645
+ # count: {
2646
+ # custom_request_handling: {
2647
+ # insert_headers: [ # required
2648
+ # {
2649
+ # name: "CustomHTTPHeaderName", # required
2650
+ # value: "CustomHTTPHeaderValue", # required
2651
+ # },
2652
+ # ],
2653
+ # },
2654
+ # },
2655
+ # captcha: {
2656
+ # custom_request_handling: {
2657
+ # insert_headers: [ # required
2658
+ # {
2659
+ # name: "CustomHTTPHeaderName", # required
2660
+ # value: "CustomHTTPHeaderValue", # required
2661
+ # },
2662
+ # ],
2663
+ # },
2664
+ # },
2665
+ # challenge: {
2666
+ # custom_request_handling: {
2667
+ # insert_headers: [ # required
2668
+ # {
2669
+ # name: "CustomHTTPHeaderName", # required
2670
+ # value: "CustomHTTPHeaderValue", # required
2671
+ # },
2672
+ # ],
2673
+ # },
2674
+ # },
2675
+ # },
2676
+ # },
2677
+ # ],
2192
2678
  # },
2193
2679
  # ip_set_reference_statement: {
2194
2680
  # arn: "ResourceArn", # required
@@ -2308,6 +2794,68 @@ module Aws::WAFV2
2308
2794
  # password_field: {
2309
2795
  # identifier: "FieldIdentifier", # required
2310
2796
  # },
2797
+ # aws_managed_rules_bot_control_rule_set: {
2798
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
2799
+ # },
2800
+ # },
2801
+ # ],
2802
+ # rule_action_overrides: [
2803
+ # {
2804
+ # name: "EntityName", # required
2805
+ # action_to_use: { # required
2806
+ # block: {
2807
+ # custom_response: {
2808
+ # response_code: 1, # required
2809
+ # custom_response_body_key: "EntityName",
2810
+ # response_headers: [
2811
+ # {
2812
+ # name: "CustomHTTPHeaderName", # required
2813
+ # value: "CustomHTTPHeaderValue", # required
2814
+ # },
2815
+ # ],
2816
+ # },
2817
+ # },
2818
+ # allow: {
2819
+ # custom_request_handling: {
2820
+ # insert_headers: [ # required
2821
+ # {
2822
+ # name: "CustomHTTPHeaderName", # required
2823
+ # value: "CustomHTTPHeaderValue", # required
2824
+ # },
2825
+ # ],
2826
+ # },
2827
+ # },
2828
+ # count: {
2829
+ # custom_request_handling: {
2830
+ # insert_headers: [ # required
2831
+ # {
2832
+ # name: "CustomHTTPHeaderName", # required
2833
+ # value: "CustomHTTPHeaderValue", # required
2834
+ # },
2835
+ # ],
2836
+ # },
2837
+ # },
2838
+ # captcha: {
2839
+ # custom_request_handling: {
2840
+ # insert_headers: [ # required
2841
+ # {
2842
+ # name: "CustomHTTPHeaderName", # required
2843
+ # value: "CustomHTTPHeaderValue", # required
2844
+ # },
2845
+ # ],
2846
+ # },
2847
+ # },
2848
+ # challenge: {
2849
+ # custom_request_handling: {
2850
+ # insert_headers: [ # required
2851
+ # {
2852
+ # name: "CustomHTTPHeaderName", # required
2853
+ # value: "CustomHTTPHeaderValue", # required
2854
+ # },
2855
+ # ],
2856
+ # },
2857
+ # },
2858
+ # },
2311
2859
  # },
2312
2860
  # ],
2313
2861
  # },
@@ -2417,6 +2965,16 @@ module Aws::WAFV2
2417
2965
  # ],
2418
2966
  # },
2419
2967
  # },
2968
+ # challenge: {
2969
+ # custom_request_handling: {
2970
+ # insert_headers: [ # required
2971
+ # {
2972
+ # name: "CustomHTTPHeaderName", # required
2973
+ # value: "CustomHTTPHeaderValue", # required
2974
+ # },
2975
+ # ],
2976
+ # },
2977
+ # },
2420
2978
  # },
2421
2979
  # override_action: {
2422
2980
  # count: {
@@ -2447,6 +3005,11 @@ module Aws::WAFV2
2447
3005
  # immunity_time: 1, # required
2448
3006
  # },
2449
3007
  # },
3008
+ # challenge_config: {
3009
+ # immunity_time_property: {
3010
+ # immunity_time: 1, # required
3011
+ # },
3012
+ # },
2450
3013
  # },
2451
3014
  # ],
2452
3015
  # visibility_config: { # required
@@ -2861,6 +3424,65 @@ module Aws::WAFV2
2861
3424
  # name: "EntityName", # required
2862
3425
  # },
2863
3426
  # ],
3427
+ # rule_action_overrides: [
3428
+ # {
3429
+ # name: "EntityName", # required
3430
+ # action_to_use: { # required
3431
+ # block: {
3432
+ # custom_response: {
3433
+ # response_code: 1, # required
3434
+ # custom_response_body_key: "EntityName",
3435
+ # response_headers: [
3436
+ # {
3437
+ # name: "CustomHTTPHeaderName", # required
3438
+ # value: "CustomHTTPHeaderValue", # required
3439
+ # },
3440
+ # ],
3441
+ # },
3442
+ # },
3443
+ # allow: {
3444
+ # custom_request_handling: {
3445
+ # insert_headers: [ # required
3446
+ # {
3447
+ # name: "CustomHTTPHeaderName", # required
3448
+ # value: "CustomHTTPHeaderValue", # required
3449
+ # },
3450
+ # ],
3451
+ # },
3452
+ # },
3453
+ # count: {
3454
+ # custom_request_handling: {
3455
+ # insert_headers: [ # required
3456
+ # {
3457
+ # name: "CustomHTTPHeaderName", # required
3458
+ # value: "CustomHTTPHeaderValue", # required
3459
+ # },
3460
+ # ],
3461
+ # },
3462
+ # },
3463
+ # captcha: {
3464
+ # custom_request_handling: {
3465
+ # insert_headers: [ # required
3466
+ # {
3467
+ # name: "CustomHTTPHeaderName", # required
3468
+ # value: "CustomHTTPHeaderValue", # required
3469
+ # },
3470
+ # ],
3471
+ # },
3472
+ # },
3473
+ # challenge: {
3474
+ # custom_request_handling: {
3475
+ # insert_headers: [ # required
3476
+ # {
3477
+ # name: "CustomHTTPHeaderName", # required
3478
+ # value: "CustomHTTPHeaderValue", # required
3479
+ # },
3480
+ # ],
3481
+ # },
3482
+ # },
3483
+ # },
3484
+ # },
3485
+ # ],
2864
3486
  # },
2865
3487
  # ip_set_reference_statement: {
2866
3488
  # arn: "ResourceArn", # required
@@ -2980,6 +3602,68 @@ module Aws::WAFV2
2980
3602
  # password_field: {
2981
3603
  # identifier: "FieldIdentifier", # required
2982
3604
  # },
3605
+ # aws_managed_rules_bot_control_rule_set: {
3606
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
3607
+ # },
3608
+ # },
3609
+ # ],
3610
+ # rule_action_overrides: [
3611
+ # {
3612
+ # name: "EntityName", # required
3613
+ # action_to_use: { # required
3614
+ # block: {
3615
+ # custom_response: {
3616
+ # response_code: 1, # required
3617
+ # custom_response_body_key: "EntityName",
3618
+ # response_headers: [
3619
+ # {
3620
+ # name: "CustomHTTPHeaderName", # required
3621
+ # value: "CustomHTTPHeaderValue", # required
3622
+ # },
3623
+ # ],
3624
+ # },
3625
+ # },
3626
+ # allow: {
3627
+ # custom_request_handling: {
3628
+ # insert_headers: [ # required
3629
+ # {
3630
+ # name: "CustomHTTPHeaderName", # required
3631
+ # value: "CustomHTTPHeaderValue", # required
3632
+ # },
3633
+ # ],
3634
+ # },
3635
+ # },
3636
+ # count: {
3637
+ # custom_request_handling: {
3638
+ # insert_headers: [ # required
3639
+ # {
3640
+ # name: "CustomHTTPHeaderName", # required
3641
+ # value: "CustomHTTPHeaderValue", # required
3642
+ # },
3643
+ # ],
3644
+ # },
3645
+ # },
3646
+ # captcha: {
3647
+ # custom_request_handling: {
3648
+ # insert_headers: [ # required
3649
+ # {
3650
+ # name: "CustomHTTPHeaderName", # required
3651
+ # value: "CustomHTTPHeaderValue", # required
3652
+ # },
3653
+ # ],
3654
+ # },
3655
+ # },
3656
+ # challenge: {
3657
+ # custom_request_handling: {
3658
+ # insert_headers: [ # required
3659
+ # {
3660
+ # name: "CustomHTTPHeaderName", # required
3661
+ # value: "CustomHTTPHeaderValue", # required
3662
+ # },
3663
+ # ],
3664
+ # },
3665
+ # },
3666
+ # },
2983
3667
  # },
2984
3668
  # ],
2985
3669
  # },
@@ -3089,6 +3773,16 @@ module Aws::WAFV2
3089
3773
  # ],
3090
3774
  # },
3091
3775
  # },
3776
+ # challenge: {
3777
+ # custom_request_handling: {
3778
+ # insert_headers: [ # required
3779
+ # {
3780
+ # name: "CustomHTTPHeaderName", # required
3781
+ # value: "CustomHTTPHeaderValue", # required
3782
+ # },
3783
+ # ],
3784
+ # },
3785
+ # },
3092
3786
  # },
3093
3787
  # override_action: {
3094
3788
  # count: {
@@ -3119,6 +3813,11 @@ module Aws::WAFV2
3119
3813
  # immunity_time: 1, # required
3120
3814
  # },
3121
3815
  # },
3816
+ # challenge_config: {
3817
+ # immunity_time_property: {
3818
+ # immunity_time: 1, # required
3819
+ # },
3820
+ # },
3122
3821
  # },
3123
3822
  # ],
3124
3823
  # visibility_config: { # required
@@ -3143,6 +3842,12 @@ module Aws::WAFV2
3143
3842
  # immunity_time: 1, # required
3144
3843
  # },
3145
3844
  # },
3845
+ # challenge_config: {
3846
+ # immunity_time_property: {
3847
+ # immunity_time: 1, # required
3848
+ # },
3849
+ # },
3850
+ # token_domains: ["TokenDomain"],
3146
3851
  # }
3147
3852
  #
3148
3853
  # @!attribute [rw] name
@@ -3217,6 +3922,26 @@ module Aws::WAFV2
3217
3922
  # specify this, WAF uses its default settings for `CaptchaConfig`.
3218
3923
  # @return [Types::CaptchaConfig]
3219
3924
  #
3925
+ # @!attribute [rw] challenge_config
3926
+ # Specifies how WAF should handle challenge evaluations for rules that
3927
+ # don't have their own `ChallengeConfig` settings. If you don't
3928
+ # specify this, WAF uses its default settings for `ChallengeConfig`.
3929
+ # @return [Types::ChallengeConfig]
3930
+ #
3931
+ # @!attribute [rw] token_domains
3932
+ # Specifies the domains that WAF should accept in a web request token.
3933
+ # This enables the use of tokens across multiple protected websites.
3934
+ # When WAF provides a token, it uses the domain of the Amazon Web
3935
+ # Services resource that the web ACL is protecting. If you don't
3936
+ # specify a list of token domains, WAF accepts tokens only for the
3937
+ # domain of the protected resource. With a token domain list, WAF
3938
+ # accepts the resource's host domain plus all domains in the token
3939
+ # domain list, including their prefixed subdomains.
3940
+ #
3941
+ # Example JSON: `"TokenDomains": \{ "mywebsite.com",
3942
+ # "myotherwebsite.com" \}`
3943
+ # @return [Array<String>]
3944
+ #
3220
3945
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
3221
3946
  #
3222
3947
  class CreateWebACLRequest < Struct.new(
@@ -3228,7 +3953,9 @@ module Aws::WAFV2
3228
3953
  :visibility_config,
3229
3954
  :tags,
3230
3955
  :custom_response_bodies,
3231
- :captcha_config)
3956
+ :captcha_config,
3957
+ :challenge_config,
3958
+ :token_domains)
3232
3959
  SENSITIVE = []
3233
3960
  include Aws::Structure
3234
3961
  end
@@ -3283,8 +4010,9 @@ module Aws::WAFV2
3283
4010
  end
3284
4011
 
3285
4012
  # Custom request handling behavior that inserts custom headers into a
3286
- # web request. You can add custom request handling for the rule actions
3287
- # allow and count.
4013
+ # web request. You can add custom request handling for WAF to use when
4014
+ # the rule action doesn't block the request. For example,
4015
+ # `CaptchaAction` for requests with valid t okens, and `AllowAction`.
3288
4016
  #
3289
4017
  # For information about customizing web requests and responses, see
3290
4018
  # [Customizing web requests and responses in WAF][1] in the [WAF
@@ -4015,10 +4743,12 @@ module Aws::WAFV2
4015
4743
  class DisassociateWebACLResponse < Aws::EmptyStructure; end
4016
4744
 
4017
4745
  # Specifies a single rule in a rule group whose action you want to
4018
- # override to `Count`. When you exclude a rule, WAF evaluates it exactly
4019
- # as it would if the rule action setting were `Count`. This is a useful
4020
- # option for testing the rules in a rule group without modifying how
4021
- # they handle your web traffic.
4746
+ # override to `Count`.
4747
+ #
4748
+ # <note markdown="1"> Instead of this option, use `RuleActionOverrides`. It accepts any
4749
+ # valid action setting, including `Count`.
4750
+ #
4751
+ # </note>
4022
4752
  #
4023
4753
  # @note When making an API call, you may pass ExcludedRule
4024
4754
  # data as a hash:
@@ -4223,7 +4953,7 @@ module Aws::WAFV2
4223
4953
  # conditions: [ # required
4224
4954
  # {
4225
4955
  # action_condition: {
4226
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
4956
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
4227
4957
  # },
4228
4958
  # label_name_condition: {
4229
4959
  # label_name: "LabelName", # required
@@ -4290,8 +5020,9 @@ module Aws::WAFV2
4290
5020
  #
4291
5021
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
4292
5022
  # in the rule group are evaluated. If you want the rules in the rule
4293
- # group to only count matches, do not use this and instead exclude
4294
- # those rules in your rule group reference statement settings.
5023
+ # group to only count matches, do not use this and instead use the
5024
+ # rule action override option, with `Count` action, in your rule group
5025
+ # reference statement settings.
4295
5026
  #
4296
5027
  # </note>
4297
5028
  # @return [Types::OverrideAction]
@@ -5671,8 +6402,9 @@ module Aws::WAFV2
5671
6402
  include Aws::Structure
5672
6403
  end
5673
6404
 
5674
- # Determines how long a `CAPTCHA` token remains valid after the client
5675
- # successfully solves a `CAPTCHA` puzzle.
6405
+ # Used for CAPTCHA and challenge token settings. Determines how long a
6406
+ # `CAPTCHA` or challenge timestamp remains valid after WAF updates it
6407
+ # for a successful `CAPTCHA` or challenge response.
5676
6408
  #
5677
6409
  # @note When making an API call, you may pass ImmunityTimeProperty
5678
6410
  # data as a hash:
@@ -5682,8 +6414,10 @@ module Aws::WAFV2
5682
6414
  # }
5683
6415
  #
5684
6416
  # @!attribute [rw] immunity_time
5685
- # The amount of time, in seconds, that a `CAPTCHA` token is valid. The
5686
- # default setting is 300.
6417
+ # The amount of time, in seconds, that a `CAPTCHA` or challenge
6418
+ # timestamp is considered valid by WAF. The default setting is 300.
6419
+ #
6420
+ # For the Challenge action, the minimum setting is 300.
5687
6421
  # @return [Integer]
5688
6422
  #
5689
6423
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ImmunityTimeProperty AWS API Documentation
@@ -6819,7 +7553,7 @@ module Aws::WAFV2
6819
7553
  # conditions: [ # required
6820
7554
  # {
6821
7555
  # action_condition: {
6822
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
7556
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
6823
7557
  # },
6824
7558
  # label_name_condition: {
6825
7559
  # label_name: "LabelName", # required
@@ -6899,7 +7633,7 @@ module Aws::WAFV2
6899
7633
  # conditions: [ # required
6900
7634
  # {
6901
7635
  # action_condition: {
6902
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
7636
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
6903
7637
  # },
6904
7638
  # label_name_condition: {
6905
7639
  # label_name: "LabelName", # required
@@ -6929,19 +7663,12 @@ module Aws::WAFV2
6929
7663
  include Aws::Structure
6930
7664
  end
6931
7665
 
6932
- # Additional information that's used by a managed rule group. Most
7666
+ # Additional information that's used by a managed rule group. Many
6933
7667
  # managed rule groups don't require this.
6934
7668
  #
6935
- # Use this for the account takeover prevention managed rule group
6936
- # `AWSManagedRulesATPRuleSet`, to provide information about the sign-in
6937
- # page of your application.
6938
- #
6939
- # You can provide multiple individual `ManagedRuleGroupConfig` objects
6940
- # for any rule group configuration, for example `UsernameField` and
6941
- # `PasswordField`. The configuration that you provide depends on the
6942
- # needs of the managed rule group. For the ATP managed rule group, you
6943
- # provide the following individual configuration objects: `LoginPath`,
6944
- # `PasswordField`, `PayloadType` and `UsernameField`.
7669
+ # Use the `AWSManagedRulesBotControlRuleSet` configuration object to
7670
+ # configure the protection level that you want the Bot Control rule
7671
+ # group to use.
6945
7672
  #
6946
7673
  # For example specifications, see the examples section of CreateWebACL.
6947
7674
  #
@@ -6957,6 +7684,9 @@ module Aws::WAFV2
6957
7684
  # password_field: {
6958
7685
  # identifier: "FieldIdentifier", # required
6959
7686
  # },
7687
+ # aws_managed_rules_bot_control_rule_set: {
7688
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
7689
+ # },
6960
7690
  # }
6961
7691
  #
6962
7692
  # @!attribute [rw] login_path
@@ -6978,13 +7708,27 @@ module Aws::WAFV2
6978
7708
  # Details about your login page password field.
6979
7709
  # @return [Types::PasswordField]
6980
7710
  #
7711
+ # @!attribute [rw] aws_managed_rules_bot_control_rule_set
7712
+ # Additional configuration for using the Bot Control managed rule
7713
+ # group. Use this to specify the inspection level that you want to
7714
+ # use. For information about using the Bot Control managed rule group,
7715
+ # see [WAF Bot Control rule group][1] and [WAF Bot Control][2] in the
7716
+ # *WAF Developer Guide*.
7717
+ #
7718
+ #
7719
+ #
7720
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
7721
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html
7722
+ # @return [Types::AWSManagedRulesBotControlRuleSet]
7723
+ #
6981
7724
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupConfig AWS API Documentation
6982
7725
  #
6983
7726
  class ManagedRuleGroupConfig < Struct.new(
6984
7727
  :login_path,
6985
7728
  :payload_type,
6986
7729
  :username_field,
6987
- :password_field)
7730
+ :password_field,
7731
+ :aws_managed_rules_bot_control_rule_set)
6988
7732
  SENSITIVE = []
6989
7733
  include Aws::Structure
6990
7734
  end
@@ -7270,6 +8014,65 @@ module Aws::WAFV2
7270
8014
  # name: "EntityName", # required
7271
8015
  # },
7272
8016
  # ],
8017
+ # rule_action_overrides: [
8018
+ # {
8019
+ # name: "EntityName", # required
8020
+ # action_to_use: { # required
8021
+ # block: {
8022
+ # custom_response: {
8023
+ # response_code: 1, # required
8024
+ # custom_response_body_key: "EntityName",
8025
+ # response_headers: [
8026
+ # {
8027
+ # name: "CustomHTTPHeaderName", # required
8028
+ # value: "CustomHTTPHeaderValue", # required
8029
+ # },
8030
+ # ],
8031
+ # },
8032
+ # },
8033
+ # allow: {
8034
+ # custom_request_handling: {
8035
+ # insert_headers: [ # required
8036
+ # {
8037
+ # name: "CustomHTTPHeaderName", # required
8038
+ # value: "CustomHTTPHeaderValue", # required
8039
+ # },
8040
+ # ],
8041
+ # },
8042
+ # },
8043
+ # count: {
8044
+ # custom_request_handling: {
8045
+ # insert_headers: [ # required
8046
+ # {
8047
+ # name: "CustomHTTPHeaderName", # required
8048
+ # value: "CustomHTTPHeaderValue", # required
8049
+ # },
8050
+ # ],
8051
+ # },
8052
+ # },
8053
+ # captcha: {
8054
+ # custom_request_handling: {
8055
+ # insert_headers: [ # required
8056
+ # {
8057
+ # name: "CustomHTTPHeaderName", # required
8058
+ # value: "CustomHTTPHeaderValue", # required
8059
+ # },
8060
+ # ],
8061
+ # },
8062
+ # },
8063
+ # challenge: {
8064
+ # custom_request_handling: {
8065
+ # insert_headers: [ # required
8066
+ # {
8067
+ # name: "CustomHTTPHeaderName", # required
8068
+ # value: "CustomHTTPHeaderValue", # required
8069
+ # },
8070
+ # ],
8071
+ # },
8072
+ # },
8073
+ # },
8074
+ # },
8075
+ # ],
7273
8076
  # },
7274
8077
  # ip_set_reference_statement: {
7275
8078
  # arn: "ResourceArn", # required
@@ -7389,6 +8192,68 @@ module Aws::WAFV2
7389
8192
  # password_field: {
7390
8193
  # identifier: "FieldIdentifier", # required
7391
8194
  # },
8195
+ # aws_managed_rules_bot_control_rule_set: {
8196
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
8197
+ # },
8198
+ # },
8199
+ # ],
8200
+ # rule_action_overrides: [
8201
+ # {
8202
+ # name: "EntityName", # required
8203
+ # action_to_use: { # required
8204
+ # block: {
8205
+ # custom_response: {
8206
+ # response_code: 1, # required
8207
+ # custom_response_body_key: "EntityName",
8208
+ # response_headers: [
8209
+ # {
8210
+ # name: "CustomHTTPHeaderName", # required
8211
+ # value: "CustomHTTPHeaderValue", # required
8212
+ # },
8213
+ # ],
8214
+ # },
8215
+ # },
8216
+ # allow: {
8217
+ # custom_request_handling: {
8218
+ # insert_headers: [ # required
8219
+ # {
8220
+ # name: "CustomHTTPHeaderName", # required
8221
+ # value: "CustomHTTPHeaderValue", # required
8222
+ # },
8223
+ # ],
8224
+ # },
8225
+ # },
8226
+ # count: {
8227
+ # custom_request_handling: {
8228
+ # insert_headers: [ # required
8229
+ # {
8230
+ # name: "CustomHTTPHeaderName", # required
8231
+ # value: "CustomHTTPHeaderValue", # required
8232
+ # },
8233
+ # ],
8234
+ # },
8235
+ # },
8236
+ # captcha: {
8237
+ # custom_request_handling: {
8238
+ # insert_headers: [ # required
8239
+ # {
8240
+ # name: "CustomHTTPHeaderName", # required
8241
+ # value: "CustomHTTPHeaderValue", # required
8242
+ # },
8243
+ # ],
8244
+ # },
8245
+ # },
8246
+ # challenge: {
8247
+ # custom_request_handling: {
8248
+ # insert_headers: [ # required
8249
+ # {
8250
+ # name: "CustomHTTPHeaderName", # required
8251
+ # value: "CustomHTTPHeaderValue", # required
8252
+ # },
8253
+ # ],
8254
+ # },
8255
+ # },
8256
+ # },
7392
8257
  # },
7393
8258
  # ],
7394
8259
  # },
@@ -7465,6 +8330,68 @@ module Aws::WAFV2
7465
8330
  # password_field: {
7466
8331
  # identifier: "FieldIdentifier", # required
7467
8332
  # },
8333
+ # aws_managed_rules_bot_control_rule_set: {
8334
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
8335
+ # },
8336
+ # },
8337
+ # ],
8338
+ # rule_action_overrides: [
8339
+ # {
8340
+ # name: "EntityName", # required
8341
+ # action_to_use: { # required
8342
+ # block: {
8343
+ # custom_response: {
8344
+ # response_code: 1, # required
8345
+ # custom_response_body_key: "EntityName",
8346
+ # response_headers: [
8347
+ # {
8348
+ # name: "CustomHTTPHeaderName", # required
8349
+ # value: "CustomHTTPHeaderValue", # required
8350
+ # },
8351
+ # ],
8352
+ # },
8353
+ # },
8354
+ # allow: {
8355
+ # custom_request_handling: {
8356
+ # insert_headers: [ # required
8357
+ # {
8358
+ # name: "CustomHTTPHeaderName", # required
8359
+ # value: "CustomHTTPHeaderValue", # required
8360
+ # },
8361
+ # ],
8362
+ # },
8363
+ # },
8364
+ # count: {
8365
+ # custom_request_handling: {
8366
+ # insert_headers: [ # required
8367
+ # {
8368
+ # name: "CustomHTTPHeaderName", # required
8369
+ # value: "CustomHTTPHeaderValue", # required
8370
+ # },
8371
+ # ],
8372
+ # },
8373
+ # },
8374
+ # captcha: {
8375
+ # custom_request_handling: {
8376
+ # insert_headers: [ # required
8377
+ # {
8378
+ # name: "CustomHTTPHeaderName", # required
8379
+ # value: "CustomHTTPHeaderValue", # required
8380
+ # },
8381
+ # ],
8382
+ # },
8383
+ # },
8384
+ # challenge: {
8385
+ # custom_request_handling: {
8386
+ # insert_headers: [ # required
8387
+ # {
8388
+ # name: "CustomHTTPHeaderName", # required
8389
+ # value: "CustomHTTPHeaderValue", # required
8390
+ # },
8391
+ # ],
8392
+ # },
8393
+ # },
8394
+ # },
7468
8395
  # },
7469
8396
  # ],
7470
8397
  # }
@@ -7488,11 +8415,12 @@ module Aws::WAFV2
7488
8415
  # @return [String]
7489
8416
  #
7490
8417
  # @!attribute [rw] excluded_rules
7491
- # The rules in the referenced rule group whose actions are set to
7492
- # `Count`. When you exclude a rule, WAF evaluates it exactly as it
7493
- # would if the rule action setting were `Count`. This is a useful
7494
- # option for testing the rules in a rule group without modifying how
7495
- # they handle your web traffic.
8418
+ # Rules in the referenced rule group whose actions are set to `Count`.
8419
+ #
8420
+ # <note markdown="1"> Instead of this option, use `RuleActionOverrides`. It accepts any
8421
+ # valid action setting, including `Count`.
8422
+ #
8423
+ # </note>
7496
8424
  # @return [Array<Types::ExcludedRule>]
7497
8425
  #
7498
8426
  # @!attribute [rw] scope_down_statement
@@ -7505,21 +8433,26 @@ module Aws::WAFV2
7505
8433
  # @return [Types::Statement]
7506
8434
  #
7507
8435
  # @!attribute [rw] managed_rule_group_configs
7508
- # Additional information that's used by a managed rule group. Most
8436
+ # Additional information that's used by a managed rule group. Many
7509
8437
  # managed rule groups don't require this.
7510
8438
  #
7511
- # Use this for the account takeover prevention managed rule group
7512
- # `AWSManagedRulesATPRuleSet`, to provide information about the
7513
- # sign-in page of your application.
7514
- #
7515
- # You can provide multiple individual `ManagedRuleGroupConfig` objects
7516
- # for any rule group configuration, for example `UsernameField` and
7517
- # `PasswordField`. The configuration that you provide depends on the
7518
- # needs of the managed rule group. For the ATP managed rule group, you
7519
- # provide the following individual configuration objects: `LoginPath`,
7520
- # `PasswordField`, `PayloadType` and `UsernameField`.
8439
+ # Use the `AWSManagedRulesBotControlRuleSet` configuration object to
8440
+ # configure the protection level that you want the Bot Control rule
8441
+ # group to use.
7521
8442
  # @return [Array<Types::ManagedRuleGroupConfig>]
7522
8443
  #
8444
+ # @!attribute [rw] rule_action_overrides
8445
+ # Action settings to use in the place of the rule actions that are
8446
+ # configured inside the rule group. You specify one override for each
8447
+ # rule whose action you want to change.
8448
+ #
8449
+ # You can use overrides for testing, for example you can override all
8450
+ # of rule actions to `Count` and then monitor the resulting count
8451
+ # metrics to understand how the rule group would handle your web
8452
+ # traffic. You can also permanently override some or all actions, to
8453
+ # modify how the rule group manages your web traffic.
8454
+ # @return [Array<Types::RuleActionOverride>]
8455
+ #
7523
8456
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupStatement AWS API Documentation
7524
8457
  #
7525
8458
  class ManagedRuleGroupStatement < Struct.new(
@@ -7528,7 +8461,8 @@ module Aws::WAFV2
7528
8461
  :version,
7529
8462
  :excluded_rules,
7530
8463
  :scope_down_statement,
7531
- :managed_rule_group_configs)
8464
+ :managed_rule_group_configs,
8465
+ :rule_action_overrides)
7532
8466
  SENSITIVE = []
7533
8467
  include Aws::Structure
7534
8468
  end
@@ -7842,10 +8776,10 @@ module Aws::WAFV2
7842
8776
  # and tags.
7843
8777
  #
7844
8778
  # The mobile SDK is not generally available. Customers who have access
7845
- # to the mobile SDK can use it to establish and manage Security Token
7846
- # Service (STS) security tokens for use in HTTP(S) requests from a
7847
- # mobile device to WAF. For more information, see [WAF client
7848
- # application integration][1] in the *WAF Developer Guide*.
8779
+ # to the mobile SDK can use it to establish and manage WAF tokens for
8780
+ # use in HTTP(S) requests from a mobile device to WAF. For more
8781
+ # information, see [WAF client application integration][1] in the *WAF
8782
+ # Developer Guide*.
7849
8783
  #
7850
8784
  #
7851
8785
  #
@@ -8148,6 +9082,65 @@ module Aws::WAFV2
8148
9082
  # name: "EntityName", # required
8149
9083
  # },
8150
9084
  # ],
9085
+ # rule_action_overrides: [
9086
+ # {
9087
+ # name: "EntityName", # required
9088
+ # action_to_use: { # required
9089
+ # block: {
9090
+ # custom_response: {
9091
+ # response_code: 1, # required
9092
+ # custom_response_body_key: "EntityName",
9093
+ # response_headers: [
9094
+ # {
9095
+ # name: "CustomHTTPHeaderName", # required
9096
+ # value: "CustomHTTPHeaderValue", # required
9097
+ # },
9098
+ # ],
9099
+ # },
9100
+ # },
9101
+ # allow: {
9102
+ # custom_request_handling: {
9103
+ # insert_headers: [ # required
9104
+ # {
9105
+ # name: "CustomHTTPHeaderName", # required
9106
+ # value: "CustomHTTPHeaderValue", # required
9107
+ # },
9108
+ # ],
9109
+ # },
9110
+ # },
9111
+ # count: {
9112
+ # custom_request_handling: {
9113
+ # insert_headers: [ # required
9114
+ # {
9115
+ # name: "CustomHTTPHeaderName", # required
9116
+ # value: "CustomHTTPHeaderValue", # required
9117
+ # },
9118
+ # ],
9119
+ # },
9120
+ # },
9121
+ # captcha: {
9122
+ # custom_request_handling: {
9123
+ # insert_headers: [ # required
9124
+ # {
9125
+ # name: "CustomHTTPHeaderName", # required
9126
+ # value: "CustomHTTPHeaderValue", # required
9127
+ # },
9128
+ # ],
9129
+ # },
9130
+ # },
9131
+ # challenge: {
9132
+ # custom_request_handling: {
9133
+ # insert_headers: [ # required
9134
+ # {
9135
+ # name: "CustomHTTPHeaderName", # required
9136
+ # value: "CustomHTTPHeaderValue", # required
9137
+ # },
9138
+ # ],
9139
+ # },
9140
+ # },
9141
+ # },
9142
+ # },
9143
+ # ],
8151
9144
  # },
8152
9145
  # ip_set_reference_statement: {
8153
9146
  # arn: "ResourceArn", # required
@@ -8267,6 +9260,68 @@ module Aws::WAFV2
8267
9260
  # password_field: {
8268
9261
  # identifier: "FieldIdentifier", # required
8269
9262
  # },
9263
+ # aws_managed_rules_bot_control_rule_set: {
9264
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
9265
+ # },
9266
+ # },
9267
+ # ],
9268
+ # rule_action_overrides: [
9269
+ # {
9270
+ # name: "EntityName", # required
9271
+ # action_to_use: { # required
9272
+ # block: {
9273
+ # custom_response: {
9274
+ # response_code: 1, # required
9275
+ # custom_response_body_key: "EntityName",
9276
+ # response_headers: [
9277
+ # {
9278
+ # name: "CustomHTTPHeaderName", # required
9279
+ # value: "CustomHTTPHeaderValue", # required
9280
+ # },
9281
+ # ],
9282
+ # },
9283
+ # },
9284
+ # allow: {
9285
+ # custom_request_handling: {
9286
+ # insert_headers: [ # required
9287
+ # {
9288
+ # name: "CustomHTTPHeaderName", # required
9289
+ # value: "CustomHTTPHeaderValue", # required
9290
+ # },
9291
+ # ],
9292
+ # },
9293
+ # },
9294
+ # count: {
9295
+ # custom_request_handling: {
9296
+ # insert_headers: [ # required
9297
+ # {
9298
+ # name: "CustomHTTPHeaderName", # required
9299
+ # value: "CustomHTTPHeaderValue", # required
9300
+ # },
9301
+ # ],
9302
+ # },
9303
+ # },
9304
+ # captcha: {
9305
+ # custom_request_handling: {
9306
+ # insert_headers: [ # required
9307
+ # {
9308
+ # name: "CustomHTTPHeaderName", # required
9309
+ # value: "CustomHTTPHeaderValue", # required
9310
+ # },
9311
+ # ],
9312
+ # },
9313
+ # },
9314
+ # challenge: {
9315
+ # custom_request_handling: {
9316
+ # insert_headers: [ # required
9317
+ # {
9318
+ # name: "CustomHTTPHeaderName", # required
9319
+ # value: "CustomHTTPHeaderValue", # required
9320
+ # },
9321
+ # ],
9322
+ # },
9323
+ # },
9324
+ # },
8270
9325
  # },
8271
9326
  # ],
8272
9327
  # },
@@ -8604,6 +9659,65 @@ module Aws::WAFV2
8604
9659
  # name: "EntityName", # required
8605
9660
  # },
8606
9661
  # ],
9662
+ # rule_action_overrides: [
9663
+ # {
9664
+ # name: "EntityName", # required
9665
+ # action_to_use: { # required
9666
+ # block: {
9667
+ # custom_response: {
9668
+ # response_code: 1, # required
9669
+ # custom_response_body_key: "EntityName",
9670
+ # response_headers: [
9671
+ # {
9672
+ # name: "CustomHTTPHeaderName", # required
9673
+ # value: "CustomHTTPHeaderValue", # required
9674
+ # },
9675
+ # ],
9676
+ # },
9677
+ # },
9678
+ # allow: {
9679
+ # custom_request_handling: {
9680
+ # insert_headers: [ # required
9681
+ # {
9682
+ # name: "CustomHTTPHeaderName", # required
9683
+ # value: "CustomHTTPHeaderValue", # required
9684
+ # },
9685
+ # ],
9686
+ # },
9687
+ # },
9688
+ # count: {
9689
+ # custom_request_handling: {
9690
+ # insert_headers: [ # required
9691
+ # {
9692
+ # name: "CustomHTTPHeaderName", # required
9693
+ # value: "CustomHTTPHeaderValue", # required
9694
+ # },
9695
+ # ],
9696
+ # },
9697
+ # },
9698
+ # captcha: {
9699
+ # custom_request_handling: {
9700
+ # insert_headers: [ # required
9701
+ # {
9702
+ # name: "CustomHTTPHeaderName", # required
9703
+ # value: "CustomHTTPHeaderValue", # required
9704
+ # },
9705
+ # ],
9706
+ # },
9707
+ # },
9708
+ # challenge: {
9709
+ # custom_request_handling: {
9710
+ # insert_headers: [ # required
9711
+ # {
9712
+ # name: "CustomHTTPHeaderName", # required
9713
+ # value: "CustomHTTPHeaderValue", # required
9714
+ # },
9715
+ # ],
9716
+ # },
9717
+ # },
9718
+ # },
9719
+ # },
9720
+ # ],
8607
9721
  # },
8608
9722
  # ip_set_reference_statement: {
8609
9723
  # arn: "ResourceArn", # required
@@ -8719,6 +9833,68 @@ module Aws::WAFV2
8719
9833
  # password_field: {
8720
9834
  # identifier: "FieldIdentifier", # required
8721
9835
  # },
9836
+ # aws_managed_rules_bot_control_rule_set: {
9837
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
9838
+ # },
9839
+ # },
9840
+ # ],
9841
+ # rule_action_overrides: [
9842
+ # {
9843
+ # name: "EntityName", # required
9844
+ # action_to_use: { # required
9845
+ # block: {
9846
+ # custom_response: {
9847
+ # response_code: 1, # required
9848
+ # custom_response_body_key: "EntityName",
9849
+ # response_headers: [
9850
+ # {
9851
+ # name: "CustomHTTPHeaderName", # required
9852
+ # value: "CustomHTTPHeaderValue", # required
9853
+ # },
9854
+ # ],
9855
+ # },
9856
+ # },
9857
+ # allow: {
9858
+ # custom_request_handling: {
9859
+ # insert_headers: [ # required
9860
+ # {
9861
+ # name: "CustomHTTPHeaderName", # required
9862
+ # value: "CustomHTTPHeaderValue", # required
9863
+ # },
9864
+ # ],
9865
+ # },
9866
+ # },
9867
+ # count: {
9868
+ # custom_request_handling: {
9869
+ # insert_headers: [ # required
9870
+ # {
9871
+ # name: "CustomHTTPHeaderName", # required
9872
+ # value: "CustomHTTPHeaderValue", # required
9873
+ # },
9874
+ # ],
9875
+ # },
9876
+ # },
9877
+ # captcha: {
9878
+ # custom_request_handling: {
9879
+ # insert_headers: [ # required
9880
+ # {
9881
+ # name: "CustomHTTPHeaderName", # required
9882
+ # value: "CustomHTTPHeaderValue", # required
9883
+ # },
9884
+ # ],
9885
+ # },
9886
+ # },
9887
+ # challenge: {
9888
+ # custom_request_handling: {
9889
+ # insert_headers: [ # required
9890
+ # {
9891
+ # name: "CustomHTTPHeaderName", # required
9892
+ # value: "CustomHTTPHeaderValue", # required
9893
+ # },
9894
+ # ],
9895
+ # },
9896
+ # },
9897
+ # },
8722
9898
  # },
8723
9899
  # ],
8724
9900
  # },
@@ -8811,8 +9987,9 @@ module Aws::WAFV2
8811
9987
  #
8812
9988
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
8813
9989
  # in the rule group are evaluated. If you want the rules in the rule
8814
- # group to only count matches, do not use this and instead exclude those
8815
- # rules in your rule group reference statement settings.
9990
+ # group to only count matches, do not use this and instead use the rule
9991
+ # action override option, with `Count` action, in your rule group
9992
+ # reference statement settings.
8816
9993
  #
8817
9994
  # </note>
8818
9995
  #
@@ -8839,8 +10016,9 @@ module Aws::WAFV2
8839
10016
  #
8840
10017
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
8841
10018
  # in the rule group are evaluated. If you want the rules in the rule
8842
- # group to only count matches, do not use this and instead exclude
8843
- # those rules in your rule group reference statement settings.
10019
+ # group to only count matches, do not use this and instead use the
10020
+ # rule action override option, with `Count` action, in your rule group
10021
+ # reference statement settings.
8844
10022
  #
8845
10023
  # </note>
8846
10024
  # @return [Types::CountAction]
@@ -8948,7 +10126,7 @@ module Aws::WAFV2
8948
10126
  # conditions: [ # required
8949
10127
  # {
8950
10128
  # action_condition: {
8951
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
10129
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
8952
10130
  # },
8953
10131
  # label_name_condition: {
8954
10132
  # label_name: "LabelName", # required
@@ -9448,6 +10626,65 @@ module Aws::WAFV2
9448
10626
  # name: "EntityName", # required
9449
10627
  # },
9450
10628
  # ],
10629
+ # rule_action_overrides: [
10630
+ # {
10631
+ # name: "EntityName", # required
10632
+ # action_to_use: { # required
10633
+ # block: {
10634
+ # custom_response: {
10635
+ # response_code: 1, # required
10636
+ # custom_response_body_key: "EntityName",
10637
+ # response_headers: [
10638
+ # {
10639
+ # name: "CustomHTTPHeaderName", # required
10640
+ # value: "CustomHTTPHeaderValue", # required
10641
+ # },
10642
+ # ],
10643
+ # },
10644
+ # },
10645
+ # allow: {
10646
+ # custom_request_handling: {
10647
+ # insert_headers: [ # required
10648
+ # {
10649
+ # name: "CustomHTTPHeaderName", # required
10650
+ # value: "CustomHTTPHeaderValue", # required
10651
+ # },
10652
+ # ],
10653
+ # },
10654
+ # },
10655
+ # count: {
10656
+ # custom_request_handling: {
10657
+ # insert_headers: [ # required
10658
+ # {
10659
+ # name: "CustomHTTPHeaderName", # required
10660
+ # value: "CustomHTTPHeaderValue", # required
10661
+ # },
10662
+ # ],
10663
+ # },
10664
+ # },
10665
+ # captcha: {
10666
+ # custom_request_handling: {
10667
+ # insert_headers: [ # required
10668
+ # {
10669
+ # name: "CustomHTTPHeaderName", # required
10670
+ # value: "CustomHTTPHeaderValue", # required
10671
+ # },
10672
+ # ],
10673
+ # },
10674
+ # },
10675
+ # challenge: {
10676
+ # custom_request_handling: {
10677
+ # insert_headers: [ # required
10678
+ # {
10679
+ # name: "CustomHTTPHeaderName", # required
10680
+ # value: "CustomHTTPHeaderValue", # required
10681
+ # },
10682
+ # ],
10683
+ # },
10684
+ # },
10685
+ # },
10686
+ # },
10687
+ # ],
9451
10688
  # },
9452
10689
  # ip_set_reference_statement: {
9453
10690
  # arn: "ResourceArn", # required
@@ -9567,6 +10804,68 @@ module Aws::WAFV2
9567
10804
  # password_field: {
9568
10805
  # identifier: "FieldIdentifier", # required
9569
10806
  # },
10807
+ # aws_managed_rules_bot_control_rule_set: {
10808
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
10809
+ # },
10810
+ # },
10811
+ # ],
10812
+ # rule_action_overrides: [
10813
+ # {
10814
+ # name: "EntityName", # required
10815
+ # action_to_use: { # required
10816
+ # block: {
10817
+ # custom_response: {
10818
+ # response_code: 1, # required
10819
+ # custom_response_body_key: "EntityName",
10820
+ # response_headers: [
10821
+ # {
10822
+ # name: "CustomHTTPHeaderName", # required
10823
+ # value: "CustomHTTPHeaderValue", # required
10824
+ # },
10825
+ # ],
10826
+ # },
10827
+ # },
10828
+ # allow: {
10829
+ # custom_request_handling: {
10830
+ # insert_headers: [ # required
10831
+ # {
10832
+ # name: "CustomHTTPHeaderName", # required
10833
+ # value: "CustomHTTPHeaderValue", # required
10834
+ # },
10835
+ # ],
10836
+ # },
10837
+ # },
10838
+ # count: {
10839
+ # custom_request_handling: {
10840
+ # insert_headers: [ # required
10841
+ # {
10842
+ # name: "CustomHTTPHeaderName", # required
10843
+ # value: "CustomHTTPHeaderValue", # required
10844
+ # },
10845
+ # ],
10846
+ # },
10847
+ # },
10848
+ # captcha: {
10849
+ # custom_request_handling: {
10850
+ # insert_headers: [ # required
10851
+ # {
10852
+ # name: "CustomHTTPHeaderName", # required
10853
+ # value: "CustomHTTPHeaderValue", # required
10854
+ # },
10855
+ # ],
10856
+ # },
10857
+ # },
10858
+ # challenge: {
10859
+ # custom_request_handling: {
10860
+ # insert_headers: [ # required
10861
+ # {
10862
+ # name: "CustomHTTPHeaderName", # required
10863
+ # value: "CustomHTTPHeaderValue", # required
10864
+ # },
10865
+ # ],
10866
+ # },
10867
+ # },
10868
+ # },
9570
10869
  # },
9571
10870
  # ],
9572
10871
  # },
@@ -10294,6 +11593,65 @@ module Aws::WAFV2
10294
11593
  # name: "EntityName", # required
10295
11594
  # },
10296
11595
  # ],
11596
+ # rule_action_overrides: [
11597
+ # {
11598
+ # name: "EntityName", # required
11599
+ # action_to_use: { # required
11600
+ # block: {
11601
+ # custom_response: {
11602
+ # response_code: 1, # required
11603
+ # custom_response_body_key: "EntityName",
11604
+ # response_headers: [
11605
+ # {
11606
+ # name: "CustomHTTPHeaderName", # required
11607
+ # value: "CustomHTTPHeaderValue", # required
11608
+ # },
11609
+ # ],
11610
+ # },
11611
+ # },
11612
+ # allow: {
11613
+ # custom_request_handling: {
11614
+ # insert_headers: [ # required
11615
+ # {
11616
+ # name: "CustomHTTPHeaderName", # required
11617
+ # value: "CustomHTTPHeaderValue", # required
11618
+ # },
11619
+ # ],
11620
+ # },
11621
+ # },
11622
+ # count: {
11623
+ # custom_request_handling: {
11624
+ # insert_headers: [ # required
11625
+ # {
11626
+ # name: "CustomHTTPHeaderName", # required
11627
+ # value: "CustomHTTPHeaderValue", # required
11628
+ # },
11629
+ # ],
11630
+ # },
11631
+ # },
11632
+ # captcha: {
11633
+ # custom_request_handling: {
11634
+ # insert_headers: [ # required
11635
+ # {
11636
+ # name: "CustomHTTPHeaderName", # required
11637
+ # value: "CustomHTTPHeaderValue", # required
11638
+ # },
11639
+ # ],
11640
+ # },
11641
+ # },
11642
+ # challenge: {
11643
+ # custom_request_handling: {
11644
+ # insert_headers: [ # required
11645
+ # {
11646
+ # name: "CustomHTTPHeaderName", # required
11647
+ # value: "CustomHTTPHeaderValue", # required
11648
+ # },
11649
+ # ],
11650
+ # },
11651
+ # },
11652
+ # },
11653
+ # },
11654
+ # ],
10297
11655
  # },
10298
11656
  # ip_set_reference_statement: {
10299
11657
  # arn: "ResourceArn", # required
@@ -10413,6 +11771,68 @@ module Aws::WAFV2
10413
11771
  # password_field: {
10414
11772
  # identifier: "FieldIdentifier", # required
10415
11773
  # },
11774
+ # aws_managed_rules_bot_control_rule_set: {
11775
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
11776
+ # },
11777
+ # },
11778
+ # ],
11779
+ # rule_action_overrides: [
11780
+ # {
11781
+ # name: "EntityName", # required
11782
+ # action_to_use: { # required
11783
+ # block: {
11784
+ # custom_response: {
11785
+ # response_code: 1, # required
11786
+ # custom_response_body_key: "EntityName",
11787
+ # response_headers: [
11788
+ # {
11789
+ # name: "CustomHTTPHeaderName", # required
11790
+ # value: "CustomHTTPHeaderValue", # required
11791
+ # },
11792
+ # ],
11793
+ # },
11794
+ # },
11795
+ # allow: {
11796
+ # custom_request_handling: {
11797
+ # insert_headers: [ # required
11798
+ # {
11799
+ # name: "CustomHTTPHeaderName", # required
11800
+ # value: "CustomHTTPHeaderValue", # required
11801
+ # },
11802
+ # ],
11803
+ # },
11804
+ # },
11805
+ # count: {
11806
+ # custom_request_handling: {
11807
+ # insert_headers: [ # required
11808
+ # {
11809
+ # name: "CustomHTTPHeaderName", # required
11810
+ # value: "CustomHTTPHeaderValue", # required
11811
+ # },
11812
+ # ],
11813
+ # },
11814
+ # },
11815
+ # captcha: {
11816
+ # custom_request_handling: {
11817
+ # insert_headers: [ # required
11818
+ # {
11819
+ # name: "CustomHTTPHeaderName", # required
11820
+ # value: "CustomHTTPHeaderValue", # required
11821
+ # },
11822
+ # ],
11823
+ # },
11824
+ # },
11825
+ # challenge: {
11826
+ # custom_request_handling: {
11827
+ # insert_headers: [ # required
11828
+ # {
11829
+ # name: "CustomHTTPHeaderName", # required
11830
+ # value: "CustomHTTPHeaderValue", # required
11831
+ # },
11832
+ # ],
11833
+ # },
11834
+ # },
11835
+ # },
10416
11836
  # },
10417
11837
  # ],
10418
11838
  # },
@@ -10522,6 +11942,16 @@ module Aws::WAFV2
10522
11942
  # ],
10523
11943
  # },
10524
11944
  # },
11945
+ # challenge: {
11946
+ # custom_request_handling: {
11947
+ # insert_headers: [ # required
11948
+ # {
11949
+ # name: "CustomHTTPHeaderName", # required
11950
+ # value: "CustomHTTPHeaderValue", # required
11951
+ # },
11952
+ # ],
11953
+ # },
11954
+ # },
10525
11955
  # },
10526
11956
  # override_action: {
10527
11957
  # count: {
@@ -10552,6 +11982,11 @@ module Aws::WAFV2
10552
11982
  # immunity_time: 1, # required
10553
11983
  # },
10554
11984
  # },
11985
+ # challenge_config: {
11986
+ # immunity_time_property: {
11987
+ # immunity_time: 1, # required
11988
+ # },
11989
+ # },
10555
11990
  # }
10556
11991
  #
10557
11992
  # @!attribute [rw] name
@@ -10603,8 +12038,9 @@ module Aws::WAFV2
10603
12038
  #
10604
12039
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
10605
12040
  # in the rule group are evaluated. If you want the rules in the rule
10606
- # group to only count matches, do not use this and instead exclude
10607
- # those rules in your rule group reference statement settings.
12041
+ # group to only count matches, do not use this and instead use the
12042
+ # rule action override option, with `Count` action, in your rule group
12043
+ # reference statement settings.
10608
12044
  #
10609
12045
  # </note>
10610
12046
  # @return [Types::OverrideAction]
@@ -10646,6 +12082,12 @@ module Aws::WAFV2
10646
12082
  # for the web ACL.
10647
12083
  # @return [Types::CaptchaConfig]
10648
12084
  #
12085
+ # @!attribute [rw] challenge_config
12086
+ # Specifies how WAF should handle `Challenge` evaluations. If you
12087
+ # don't specify this, WAF uses the challenge configuration that's
12088
+ # defined for the web ACL.
12089
+ # @return [Types::ChallengeConfig]
12090
+ #
10649
12091
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation
10650
12092
  #
10651
12093
  class Rule < Struct.new(
@@ -10656,7 +12098,8 @@ module Aws::WAFV2
10656
12098
  :override_action,
10657
12099
  :rule_labels,
10658
12100
  :visibility_config,
10659
- :captcha_config)
12101
+ :captcha_config,
12102
+ :challenge_config)
10660
12103
  SENSITIVE = []
10661
12104
  include Aws::Structure
10662
12105
  end
@@ -10711,6 +12154,16 @@ module Aws::WAFV2
10711
12154
  # ],
10712
12155
  # },
10713
12156
  # },
12157
+ # challenge: {
12158
+ # custom_request_handling: {
12159
+ # insert_headers: [ # required
12160
+ # {
12161
+ # name: "CustomHTTPHeaderName", # required
12162
+ # value: "CustomHTTPHeaderValue", # required
12163
+ # },
12164
+ # ],
12165
+ # },
12166
+ # },
10714
12167
  # }
10715
12168
  #
10716
12169
  # @!attribute [rw] block
@@ -10730,13 +12183,107 @@ module Aws::WAFV2
10730
12183
  # Instructs WAF to run a `CAPTCHA` check against the web request.
10731
12184
  # @return [Types::CaptchaAction]
10732
12185
  #
12186
+ # @!attribute [rw] challenge
12187
+ # Instructs WAF to run a `Challenge` check against the web request.
12188
+ # @return [Types::ChallengeAction]
12189
+ #
10733
12190
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
10734
12191
  #
10735
12192
  class RuleAction < Struct.new(
10736
12193
  :block,
10737
12194
  :allow,
10738
12195
  :count,
10739
- :captcha)
12196
+ :captcha,
12197
+ :challenge)
12198
+ SENSITIVE = []
12199
+ include Aws::Structure
12200
+ end
12201
+
12202
+ # Action setting to use in the place of a rule action that is configured
12203
+ # inside the rule group. You specify one override for each rule whose
12204
+ # action you want to change.
12205
+ #
12206
+ # You can use overrides for testing, for example you can override all of
12207
+ # rule actions to `Count` and then monitor the resulting count metrics
12208
+ # to understand how the rule group would handle your web traffic. You
12209
+ # can also permanently override some or all actions, to modify how the
12210
+ # rule group manages your web traffic.
12211
+ #
12212
+ # @note When making an API call, you may pass RuleActionOverride
12213
+ # data as a hash:
12214
+ #
12215
+ # {
12216
+ # name: "EntityName", # required
12217
+ # action_to_use: { # required
12218
+ # block: {
12219
+ # custom_response: {
12220
+ # response_code: 1, # required
12221
+ # custom_response_body_key: "EntityName",
12222
+ # response_headers: [
12223
+ # {
12224
+ # name: "CustomHTTPHeaderName", # required
12225
+ # value: "CustomHTTPHeaderValue", # required
12226
+ # },
12227
+ # ],
12228
+ # },
12229
+ # },
12230
+ # allow: {
12231
+ # custom_request_handling: {
12232
+ # insert_headers: [ # required
12233
+ # {
12234
+ # name: "CustomHTTPHeaderName", # required
12235
+ # value: "CustomHTTPHeaderValue", # required
12236
+ # },
12237
+ # ],
12238
+ # },
12239
+ # },
12240
+ # count: {
12241
+ # custom_request_handling: {
12242
+ # insert_headers: [ # required
12243
+ # {
12244
+ # name: "CustomHTTPHeaderName", # required
12245
+ # value: "CustomHTTPHeaderValue", # required
12246
+ # },
12247
+ # ],
12248
+ # },
12249
+ # },
12250
+ # captcha: {
12251
+ # custom_request_handling: {
12252
+ # insert_headers: [ # required
12253
+ # {
12254
+ # name: "CustomHTTPHeaderName", # required
12255
+ # value: "CustomHTTPHeaderValue", # required
12256
+ # },
12257
+ # ],
12258
+ # },
12259
+ # },
12260
+ # challenge: {
12261
+ # custom_request_handling: {
12262
+ # insert_headers: [ # required
12263
+ # {
12264
+ # name: "CustomHTTPHeaderName", # required
12265
+ # value: "CustomHTTPHeaderValue", # required
12266
+ # },
12267
+ # ],
12268
+ # },
12269
+ # },
12270
+ # },
12271
+ # }
12272
+ #
12273
+ # @!attribute [rw] name
12274
+ # The name of the rule to override.
12275
+ # @return [String]
12276
+ #
12277
+ # @!attribute [rw] action_to_use
12278
+ # The override action to use, in place of the configured action of the
12279
+ # rule in the rule group.
12280
+ # @return [Types::RuleAction]
12281
+ #
12282
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleActionOverride AWS API Documentation
12283
+ #
12284
+ class RuleActionOverride < Struct.new(
12285
+ :name,
12286
+ :action_to_use)
10740
12287
  SENSITIVE = []
10741
12288
  include Aws::Structure
10742
12289
  end
@@ -10883,6 +12430,65 @@ module Aws::WAFV2
10883
12430
  # name: "EntityName", # required
10884
12431
  # },
10885
12432
  # ],
12433
+ # rule_action_overrides: [
12434
+ # {
12435
+ # name: "EntityName", # required
12436
+ # action_to_use: { # required
12437
+ # block: {
12438
+ # custom_response: {
12439
+ # response_code: 1, # required
12440
+ # custom_response_body_key: "EntityName",
12441
+ # response_headers: [
12442
+ # {
12443
+ # name: "CustomHTTPHeaderName", # required
12444
+ # value: "CustomHTTPHeaderValue", # required
12445
+ # },
12446
+ # ],
12447
+ # },
12448
+ # },
12449
+ # allow: {
12450
+ # custom_request_handling: {
12451
+ # insert_headers: [ # required
12452
+ # {
12453
+ # name: "CustomHTTPHeaderName", # required
12454
+ # value: "CustomHTTPHeaderValue", # required
12455
+ # },
12456
+ # ],
12457
+ # },
12458
+ # },
12459
+ # count: {
12460
+ # custom_request_handling: {
12461
+ # insert_headers: [ # required
12462
+ # {
12463
+ # name: "CustomHTTPHeaderName", # required
12464
+ # value: "CustomHTTPHeaderValue", # required
12465
+ # },
12466
+ # ],
12467
+ # },
12468
+ # },
12469
+ # captcha: {
12470
+ # custom_request_handling: {
12471
+ # insert_headers: [ # required
12472
+ # {
12473
+ # name: "CustomHTTPHeaderName", # required
12474
+ # value: "CustomHTTPHeaderValue", # required
12475
+ # },
12476
+ # ],
12477
+ # },
12478
+ # },
12479
+ # challenge: {
12480
+ # custom_request_handling: {
12481
+ # insert_headers: [ # required
12482
+ # {
12483
+ # name: "CustomHTTPHeaderName", # required
12484
+ # value: "CustomHTTPHeaderValue", # required
12485
+ # },
12486
+ # ],
12487
+ # },
12488
+ # },
12489
+ # },
12490
+ # },
12491
+ # ],
10886
12492
  # }
10887
12493
  #
10888
12494
  # @!attribute [rw] arn
@@ -10890,18 +12496,32 @@ module Aws::WAFV2
10890
12496
  # @return [String]
10891
12497
  #
10892
12498
  # @!attribute [rw] excluded_rules
10893
- # The rules in the referenced rule group whose actions are set to
10894
- # `Count`. When you exclude a rule, WAF evaluates it exactly as it
10895
- # would if the rule action setting were `Count`. This is a useful
10896
- # option for testing the rules in a rule group without modifying how
10897
- # they handle your web traffic.
12499
+ # Rules in the referenced rule group whose actions are set to `Count`.
12500
+ #
12501
+ # <note markdown="1"> Instead of this option, use `RuleActionOverrides`. It accepts any
12502
+ # valid action setting, including `Count`.
12503
+ #
12504
+ # </note>
10898
12505
  # @return [Array<Types::ExcludedRule>]
10899
12506
  #
12507
+ # @!attribute [rw] rule_action_overrides
12508
+ # Action settings to use in the place of the rule actions that are
12509
+ # configured inside the rule group. You specify one override for each
12510
+ # rule whose action you want to change.
12511
+ #
12512
+ # You can use overrides for testing, for example you can override all
12513
+ # of rule actions to `Count` and then monitor the resulting count
12514
+ # metrics to understand how the rule group would handle your web
12515
+ # traffic. You can also permanently override some or all actions, to
12516
+ # modify how the rule group manages your web traffic.
12517
+ # @return [Array<Types::RuleActionOverride>]
12518
+ #
10900
12519
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
10901
12520
  #
10902
12521
  class RuleGroupReferenceStatement < Struct.new(
10903
12522
  :arn,
10904
- :excluded_rules)
12523
+ :excluded_rules,
12524
+ :rule_action_overrides)
10905
12525
  SENSITIVE = []
10906
12526
  include Aws::Structure
10907
12527
  end
@@ -11003,8 +12623,7 @@ module Aws::WAFV2
11003
12623
  # @return [Time]
11004
12624
  #
11005
12625
  # @!attribute [rw] action
11006
- # The action for the `Rule` that the request matched: `Allow`,
11007
- # `Block`, or `Count`.
12626
+ # The action that WAF applied to the request.
11008
12627
  # @return [String]
11009
12628
  #
11010
12629
  # @!attribute [rw] rule_name_within_rule_group
@@ -11039,6 +12658,17 @@ module Aws::WAFV2
11039
12658
  # The `CAPTCHA` response for the request.
11040
12659
  # @return [Types::CaptchaResponse]
11041
12660
  #
12661
+ # @!attribute [rw] challenge_response
12662
+ # The `Challenge` response for the request.
12663
+ # @return [Types::ChallengeResponse]
12664
+ #
12665
+ # @!attribute [rw] overridden_action
12666
+ # Used only for rule group rules that have a rule action override in
12667
+ # place in the web ACL. This is the action that the rule group rule is
12668
+ # configured for, and not the action that was applied to the request.
12669
+ # The action that WAF applied is the `Action` value.
12670
+ # @return [String]
12671
+ #
11042
12672
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
11043
12673
  #
11044
12674
  class SampledHTTPRequest < Struct.new(
@@ -11050,7 +12680,9 @@ module Aws::WAFV2
11050
12680
  :request_headers_inserted,
11051
12681
  :response_code_sent,
11052
12682
  :labels,
11053
- :captcha_response)
12683
+ :captcha_response,
12684
+ :challenge_response,
12685
+ :overridden_action)
11054
12686
  SENSITIVE = []
11055
12687
  include Aws::Structure
11056
12688
  end
@@ -11588,6 +13220,65 @@ module Aws::WAFV2
11588
13220
  # name: "EntityName", # required
11589
13221
  # },
11590
13222
  # ],
13223
+ # rule_action_overrides: [
13224
+ # {
13225
+ # name: "EntityName", # required
13226
+ # action_to_use: { # required
13227
+ # block: {
13228
+ # custom_response: {
13229
+ # response_code: 1, # required
13230
+ # custom_response_body_key: "EntityName",
13231
+ # response_headers: [
13232
+ # {
13233
+ # name: "CustomHTTPHeaderName", # required
13234
+ # value: "CustomHTTPHeaderValue", # required
13235
+ # },
13236
+ # ],
13237
+ # },
13238
+ # },
13239
+ # allow: {
13240
+ # custom_request_handling: {
13241
+ # insert_headers: [ # required
13242
+ # {
13243
+ # name: "CustomHTTPHeaderName", # required
13244
+ # value: "CustomHTTPHeaderValue", # required
13245
+ # },
13246
+ # ],
13247
+ # },
13248
+ # },
13249
+ # count: {
13250
+ # custom_request_handling: {
13251
+ # insert_headers: [ # required
13252
+ # {
13253
+ # name: "CustomHTTPHeaderName", # required
13254
+ # value: "CustomHTTPHeaderValue", # required
13255
+ # },
13256
+ # ],
13257
+ # },
13258
+ # },
13259
+ # captcha: {
13260
+ # custom_request_handling: {
13261
+ # insert_headers: [ # required
13262
+ # {
13263
+ # name: "CustomHTTPHeaderName", # required
13264
+ # value: "CustomHTTPHeaderValue", # required
13265
+ # },
13266
+ # ],
13267
+ # },
13268
+ # },
13269
+ # challenge: {
13270
+ # custom_request_handling: {
13271
+ # insert_headers: [ # required
13272
+ # {
13273
+ # name: "CustomHTTPHeaderName", # required
13274
+ # value: "CustomHTTPHeaderValue", # required
13275
+ # },
13276
+ # ],
13277
+ # },
13278
+ # },
13279
+ # },
13280
+ # },
13281
+ # ],
11591
13282
  # },
11592
13283
  # ip_set_reference_statement: {
11593
13284
  # arn: "ResourceArn", # required
@@ -11906,6 +13597,65 @@ module Aws::WAFV2
11906
13597
  # name: "EntityName", # required
11907
13598
  # },
11908
13599
  # ],
13600
+ # rule_action_overrides: [
13601
+ # {
13602
+ # name: "EntityName", # required
13603
+ # action_to_use: { # required
13604
+ # block: {
13605
+ # custom_response: {
13606
+ # response_code: 1, # required
13607
+ # custom_response_body_key: "EntityName",
13608
+ # response_headers: [
13609
+ # {
13610
+ # name: "CustomHTTPHeaderName", # required
13611
+ # value: "CustomHTTPHeaderValue", # required
13612
+ # },
13613
+ # ],
13614
+ # },
13615
+ # },
13616
+ # allow: {
13617
+ # custom_request_handling: {
13618
+ # insert_headers: [ # required
13619
+ # {
13620
+ # name: "CustomHTTPHeaderName", # required
13621
+ # value: "CustomHTTPHeaderValue", # required
13622
+ # },
13623
+ # ],
13624
+ # },
13625
+ # },
13626
+ # count: {
13627
+ # custom_request_handling: {
13628
+ # insert_headers: [ # required
13629
+ # {
13630
+ # name: "CustomHTTPHeaderName", # required
13631
+ # value: "CustomHTTPHeaderValue", # required
13632
+ # },
13633
+ # ],
13634
+ # },
13635
+ # },
13636
+ # captcha: {
13637
+ # custom_request_handling: {
13638
+ # insert_headers: [ # required
13639
+ # {
13640
+ # name: "CustomHTTPHeaderName", # required
13641
+ # value: "CustomHTTPHeaderValue", # required
13642
+ # },
13643
+ # ],
13644
+ # },
13645
+ # },
13646
+ # challenge: {
13647
+ # custom_request_handling: {
13648
+ # insert_headers: [ # required
13649
+ # {
13650
+ # name: "CustomHTTPHeaderName", # required
13651
+ # value: "CustomHTTPHeaderValue", # required
13652
+ # },
13653
+ # ],
13654
+ # },
13655
+ # },
13656
+ # },
13657
+ # },
13658
+ # ],
11909
13659
  # },
11910
13660
  # ip_set_reference_statement: {
11911
13661
  # arn: "ResourceArn", # required
@@ -12017,6 +13767,68 @@ module Aws::WAFV2
12017
13767
  # password_field: {
12018
13768
  # identifier: "FieldIdentifier", # required
12019
13769
  # },
13770
+ # aws_managed_rules_bot_control_rule_set: {
13771
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
13772
+ # },
13773
+ # },
13774
+ # ],
13775
+ # rule_action_overrides: [
13776
+ # {
13777
+ # name: "EntityName", # required
13778
+ # action_to_use: { # required
13779
+ # block: {
13780
+ # custom_response: {
13781
+ # response_code: 1, # required
13782
+ # custom_response_body_key: "EntityName",
13783
+ # response_headers: [
13784
+ # {
13785
+ # name: "CustomHTTPHeaderName", # required
13786
+ # value: "CustomHTTPHeaderValue", # required
13787
+ # },
13788
+ # ],
13789
+ # },
13790
+ # },
13791
+ # allow: {
13792
+ # custom_request_handling: {
13793
+ # insert_headers: [ # required
13794
+ # {
13795
+ # name: "CustomHTTPHeaderName", # required
13796
+ # value: "CustomHTTPHeaderValue", # required
13797
+ # },
13798
+ # ],
13799
+ # },
13800
+ # },
13801
+ # count: {
13802
+ # custom_request_handling: {
13803
+ # insert_headers: [ # required
13804
+ # {
13805
+ # name: "CustomHTTPHeaderName", # required
13806
+ # value: "CustomHTTPHeaderValue", # required
13807
+ # },
13808
+ # ],
13809
+ # },
13810
+ # },
13811
+ # captcha: {
13812
+ # custom_request_handling: {
13813
+ # insert_headers: [ # required
13814
+ # {
13815
+ # name: "CustomHTTPHeaderName", # required
13816
+ # value: "CustomHTTPHeaderValue", # required
13817
+ # },
13818
+ # ],
13819
+ # },
13820
+ # },
13821
+ # challenge: {
13822
+ # custom_request_handling: {
13823
+ # insert_headers: [ # required
13824
+ # {
13825
+ # name: "CustomHTTPHeaderName", # required
13826
+ # value: "CustomHTTPHeaderValue", # required
13827
+ # },
13828
+ # ],
13829
+ # },
13830
+ # },
13831
+ # },
12020
13832
  # },
12021
13833
  # ],
12022
13834
  # },
@@ -12338,6 +14150,65 @@ module Aws::WAFV2
12338
14150
  # name: "EntityName", # required
12339
14151
  # },
12340
14152
  # ],
14153
+ # rule_action_overrides: [
14154
+ # {
14155
+ # name: "EntityName", # required
14156
+ # action_to_use: { # required
14157
+ # block: {
14158
+ # custom_response: {
14159
+ # response_code: 1, # required
14160
+ # custom_response_body_key: "EntityName",
14161
+ # response_headers: [
14162
+ # {
14163
+ # name: "CustomHTTPHeaderName", # required
14164
+ # value: "CustomHTTPHeaderValue", # required
14165
+ # },
14166
+ # ],
14167
+ # },
14168
+ # },
14169
+ # allow: {
14170
+ # custom_request_handling: {
14171
+ # insert_headers: [ # required
14172
+ # {
14173
+ # name: "CustomHTTPHeaderName", # required
14174
+ # value: "CustomHTTPHeaderValue", # required
14175
+ # },
14176
+ # ],
14177
+ # },
14178
+ # },
14179
+ # count: {
14180
+ # custom_request_handling: {
14181
+ # insert_headers: [ # required
14182
+ # {
14183
+ # name: "CustomHTTPHeaderName", # required
14184
+ # value: "CustomHTTPHeaderValue", # required
14185
+ # },
14186
+ # ],
14187
+ # },
14188
+ # },
14189
+ # captcha: {
14190
+ # custom_request_handling: {
14191
+ # insert_headers: [ # required
14192
+ # {
14193
+ # name: "CustomHTTPHeaderName", # required
14194
+ # value: "CustomHTTPHeaderValue", # required
14195
+ # },
14196
+ # ],
14197
+ # },
14198
+ # },
14199
+ # challenge: {
14200
+ # custom_request_handling: {
14201
+ # insert_headers: [ # required
14202
+ # {
14203
+ # name: "CustomHTTPHeaderName", # required
14204
+ # value: "CustomHTTPHeaderValue", # required
14205
+ # },
14206
+ # ],
14207
+ # },
14208
+ # },
14209
+ # },
14210
+ # },
14211
+ # ],
12341
14212
  # },
12342
14213
  # ip_set_reference_statement: {
12343
14214
  # arn: "ResourceArn", # required
@@ -12451,6 +14322,68 @@ module Aws::WAFV2
12451
14322
  # password_field: {
12452
14323
  # identifier: "FieldIdentifier", # required
12453
14324
  # },
14325
+ # aws_managed_rules_bot_control_rule_set: {
14326
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
14327
+ # },
14328
+ # },
14329
+ # ],
14330
+ # rule_action_overrides: [
14331
+ # {
14332
+ # name: "EntityName", # required
14333
+ # action_to_use: { # required
14334
+ # block: {
14335
+ # custom_response: {
14336
+ # response_code: 1, # required
14337
+ # custom_response_body_key: "EntityName",
14338
+ # response_headers: [
14339
+ # {
14340
+ # name: "CustomHTTPHeaderName", # required
14341
+ # value: "CustomHTTPHeaderValue", # required
14342
+ # },
14343
+ # ],
14344
+ # },
14345
+ # },
14346
+ # allow: {
14347
+ # custom_request_handling: {
14348
+ # insert_headers: [ # required
14349
+ # {
14350
+ # name: "CustomHTTPHeaderName", # required
14351
+ # value: "CustomHTTPHeaderValue", # required
14352
+ # },
14353
+ # ],
14354
+ # },
14355
+ # },
14356
+ # count: {
14357
+ # custom_request_handling: {
14358
+ # insert_headers: [ # required
14359
+ # {
14360
+ # name: "CustomHTTPHeaderName", # required
14361
+ # value: "CustomHTTPHeaderValue", # required
14362
+ # },
14363
+ # ],
14364
+ # },
14365
+ # },
14366
+ # captcha: {
14367
+ # custom_request_handling: {
14368
+ # insert_headers: [ # required
14369
+ # {
14370
+ # name: "CustomHTTPHeaderName", # required
14371
+ # value: "CustomHTTPHeaderValue", # required
14372
+ # },
14373
+ # ],
14374
+ # },
14375
+ # },
14376
+ # challenge: {
14377
+ # custom_request_handling: {
14378
+ # insert_headers: [ # required
14379
+ # {
14380
+ # name: "CustomHTTPHeaderName", # required
14381
+ # value: "CustomHTTPHeaderValue", # required
14382
+ # },
14383
+ # ],
14384
+ # },
14385
+ # },
14386
+ # },
12454
14387
  # },
12455
14388
  # ],
12456
14389
  # },
@@ -12769,6 +14702,65 @@ module Aws::WAFV2
12769
14702
  # name: "EntityName", # required
12770
14703
  # },
12771
14704
  # ],
14705
+ # rule_action_overrides: [
14706
+ # {
14707
+ # name: "EntityName", # required
14708
+ # action_to_use: { # required
14709
+ # block: {
14710
+ # custom_response: {
14711
+ # response_code: 1, # required
14712
+ # custom_response_body_key: "EntityName",
14713
+ # response_headers: [
14714
+ # {
14715
+ # name: "CustomHTTPHeaderName", # required
14716
+ # value: "CustomHTTPHeaderValue", # required
14717
+ # },
14718
+ # ],
14719
+ # },
14720
+ # },
14721
+ # allow: {
14722
+ # custom_request_handling: {
14723
+ # insert_headers: [ # required
14724
+ # {
14725
+ # name: "CustomHTTPHeaderName", # required
14726
+ # value: "CustomHTTPHeaderValue", # required
14727
+ # },
14728
+ # ],
14729
+ # },
14730
+ # },
14731
+ # count: {
14732
+ # custom_request_handling: {
14733
+ # insert_headers: [ # required
14734
+ # {
14735
+ # name: "CustomHTTPHeaderName", # required
14736
+ # value: "CustomHTTPHeaderValue", # required
14737
+ # },
14738
+ # ],
14739
+ # },
14740
+ # },
14741
+ # captcha: {
14742
+ # custom_request_handling: {
14743
+ # insert_headers: [ # required
14744
+ # {
14745
+ # name: "CustomHTTPHeaderName", # required
14746
+ # value: "CustomHTTPHeaderValue", # required
14747
+ # },
14748
+ # ],
14749
+ # },
14750
+ # },
14751
+ # challenge: {
14752
+ # custom_request_handling: {
14753
+ # insert_headers: [ # required
14754
+ # {
14755
+ # name: "CustomHTTPHeaderName", # required
14756
+ # value: "CustomHTTPHeaderValue", # required
14757
+ # },
14758
+ # ],
14759
+ # },
14760
+ # },
14761
+ # },
14762
+ # },
14763
+ # ],
12772
14764
  # },
12773
14765
  # ip_set_reference_statement: {
12774
14766
  # arn: "ResourceArn", # required
@@ -12882,6 +14874,68 @@ module Aws::WAFV2
12882
14874
  # password_field: {
12883
14875
  # identifier: "FieldIdentifier", # required
12884
14876
  # },
14877
+ # aws_managed_rules_bot_control_rule_set: {
14878
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
14879
+ # },
14880
+ # },
14881
+ # ],
14882
+ # rule_action_overrides: [
14883
+ # {
14884
+ # name: "EntityName", # required
14885
+ # action_to_use: { # required
14886
+ # block: {
14887
+ # custom_response: {
14888
+ # response_code: 1, # required
14889
+ # custom_response_body_key: "EntityName",
14890
+ # response_headers: [
14891
+ # {
14892
+ # name: "CustomHTTPHeaderName", # required
14893
+ # value: "CustomHTTPHeaderValue", # required
14894
+ # },
14895
+ # ],
14896
+ # },
14897
+ # },
14898
+ # allow: {
14899
+ # custom_request_handling: {
14900
+ # insert_headers: [ # required
14901
+ # {
14902
+ # name: "CustomHTTPHeaderName", # required
14903
+ # value: "CustomHTTPHeaderValue", # required
14904
+ # },
14905
+ # ],
14906
+ # },
14907
+ # },
14908
+ # count: {
14909
+ # custom_request_handling: {
14910
+ # insert_headers: [ # required
14911
+ # {
14912
+ # name: "CustomHTTPHeaderName", # required
14913
+ # value: "CustomHTTPHeaderValue", # required
14914
+ # },
14915
+ # ],
14916
+ # },
14917
+ # },
14918
+ # captcha: {
14919
+ # custom_request_handling: {
14920
+ # insert_headers: [ # required
14921
+ # {
14922
+ # name: "CustomHTTPHeaderName", # required
14923
+ # value: "CustomHTTPHeaderValue", # required
14924
+ # },
14925
+ # ],
14926
+ # },
14927
+ # },
14928
+ # challenge: {
14929
+ # custom_request_handling: {
14930
+ # insert_headers: [ # required
14931
+ # {
14932
+ # name: "CustomHTTPHeaderName", # required
14933
+ # value: "CustomHTTPHeaderValue", # required
14934
+ # },
14935
+ # ],
14936
+ # },
14937
+ # },
14938
+ # },
12885
14939
  # },
12886
14940
  # ],
12887
14941
  # },
@@ -13199,6 +15253,65 @@ module Aws::WAFV2
13199
15253
  # name: "EntityName", # required
13200
15254
  # },
13201
15255
  # ],
15256
+ # rule_action_overrides: [
15257
+ # {
15258
+ # name: "EntityName", # required
15259
+ # action_to_use: { # required
15260
+ # block: {
15261
+ # custom_response: {
15262
+ # response_code: 1, # required
15263
+ # custom_response_body_key: "EntityName",
15264
+ # response_headers: [
15265
+ # {
15266
+ # name: "CustomHTTPHeaderName", # required
15267
+ # value: "CustomHTTPHeaderValue", # required
15268
+ # },
15269
+ # ],
15270
+ # },
15271
+ # },
15272
+ # allow: {
15273
+ # custom_request_handling: {
15274
+ # insert_headers: [ # required
15275
+ # {
15276
+ # name: "CustomHTTPHeaderName", # required
15277
+ # value: "CustomHTTPHeaderValue", # required
15278
+ # },
15279
+ # ],
15280
+ # },
15281
+ # },
15282
+ # count: {
15283
+ # custom_request_handling: {
15284
+ # insert_headers: [ # required
15285
+ # {
15286
+ # name: "CustomHTTPHeaderName", # required
15287
+ # value: "CustomHTTPHeaderValue", # required
15288
+ # },
15289
+ # ],
15290
+ # },
15291
+ # },
15292
+ # captcha: {
15293
+ # custom_request_handling: {
15294
+ # insert_headers: [ # required
15295
+ # {
15296
+ # name: "CustomHTTPHeaderName", # required
15297
+ # value: "CustomHTTPHeaderValue", # required
15298
+ # },
15299
+ # ],
15300
+ # },
15301
+ # },
15302
+ # challenge: {
15303
+ # custom_request_handling: {
15304
+ # insert_headers: [ # required
15305
+ # {
15306
+ # name: "CustomHTTPHeaderName", # required
15307
+ # value: "CustomHTTPHeaderValue", # required
15308
+ # },
15309
+ # ],
15310
+ # },
15311
+ # },
15312
+ # },
15313
+ # },
15314
+ # ],
13202
15315
  # },
13203
15316
  # ip_set_reference_statement: {
13204
15317
  # arn: "ResourceArn", # required
@@ -13316,6 +15429,68 @@ module Aws::WAFV2
13316
15429
  # password_field: {
13317
15430
  # identifier: "FieldIdentifier", # required
13318
15431
  # },
15432
+ # aws_managed_rules_bot_control_rule_set: {
15433
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
15434
+ # },
15435
+ # },
15436
+ # ],
15437
+ # rule_action_overrides: [
15438
+ # {
15439
+ # name: "EntityName", # required
15440
+ # action_to_use: { # required
15441
+ # block: {
15442
+ # custom_response: {
15443
+ # response_code: 1, # required
15444
+ # custom_response_body_key: "EntityName",
15445
+ # response_headers: [
15446
+ # {
15447
+ # name: "CustomHTTPHeaderName", # required
15448
+ # value: "CustomHTTPHeaderValue", # required
15449
+ # },
15450
+ # ],
15451
+ # },
15452
+ # },
15453
+ # allow: {
15454
+ # custom_request_handling: {
15455
+ # insert_headers: [ # required
15456
+ # {
15457
+ # name: "CustomHTTPHeaderName", # required
15458
+ # value: "CustomHTTPHeaderValue", # required
15459
+ # },
15460
+ # ],
15461
+ # },
15462
+ # },
15463
+ # count: {
15464
+ # custom_request_handling: {
15465
+ # insert_headers: [ # required
15466
+ # {
15467
+ # name: "CustomHTTPHeaderName", # required
15468
+ # value: "CustomHTTPHeaderValue", # required
15469
+ # },
15470
+ # ],
15471
+ # },
15472
+ # },
15473
+ # captcha: {
15474
+ # custom_request_handling: {
15475
+ # insert_headers: [ # required
15476
+ # {
15477
+ # name: "CustomHTTPHeaderName", # required
15478
+ # value: "CustomHTTPHeaderValue", # required
15479
+ # },
15480
+ # ],
15481
+ # },
15482
+ # },
15483
+ # challenge: {
15484
+ # custom_request_handling: {
15485
+ # insert_headers: [ # required
15486
+ # {
15487
+ # name: "CustomHTTPHeaderName", # required
15488
+ # value: "CustomHTTPHeaderValue", # required
15489
+ # },
15490
+ # ],
15491
+ # },
15492
+ # },
15493
+ # },
13319
15494
  # },
13320
15495
  # ],
13321
15496
  # },
@@ -13640,6 +15815,65 @@ module Aws::WAFV2
13640
15815
  # name: "EntityName", # required
13641
15816
  # },
13642
15817
  # ],
15818
+ # rule_action_overrides: [
15819
+ # {
15820
+ # name: "EntityName", # required
15821
+ # action_to_use: { # required
15822
+ # block: {
15823
+ # custom_response: {
15824
+ # response_code: 1, # required
15825
+ # custom_response_body_key: "EntityName",
15826
+ # response_headers: [
15827
+ # {
15828
+ # name: "CustomHTTPHeaderName", # required
15829
+ # value: "CustomHTTPHeaderValue", # required
15830
+ # },
15831
+ # ],
15832
+ # },
15833
+ # },
15834
+ # allow: {
15835
+ # custom_request_handling: {
15836
+ # insert_headers: [ # required
15837
+ # {
15838
+ # name: "CustomHTTPHeaderName", # required
15839
+ # value: "CustomHTTPHeaderValue", # required
15840
+ # },
15841
+ # ],
15842
+ # },
15843
+ # },
15844
+ # count: {
15845
+ # custom_request_handling: {
15846
+ # insert_headers: [ # required
15847
+ # {
15848
+ # name: "CustomHTTPHeaderName", # required
15849
+ # value: "CustomHTTPHeaderValue", # required
15850
+ # },
15851
+ # ],
15852
+ # },
15853
+ # },
15854
+ # captcha: {
15855
+ # custom_request_handling: {
15856
+ # insert_headers: [ # required
15857
+ # {
15858
+ # name: "CustomHTTPHeaderName", # required
15859
+ # value: "CustomHTTPHeaderValue", # required
15860
+ # },
15861
+ # ],
15862
+ # },
15863
+ # },
15864
+ # challenge: {
15865
+ # custom_request_handling: {
15866
+ # insert_headers: [ # required
15867
+ # {
15868
+ # name: "CustomHTTPHeaderName", # required
15869
+ # value: "CustomHTTPHeaderValue", # required
15870
+ # },
15871
+ # ],
15872
+ # },
15873
+ # },
15874
+ # },
15875
+ # },
15876
+ # ],
13643
15877
  # },
13644
15878
  # ip_set_reference_statement: {
13645
15879
  # arn: "ResourceArn", # required
@@ -13813,6 +16047,68 @@ module Aws::WAFV2
13813
16047
  # password_field: {
13814
16048
  # identifier: "FieldIdentifier", # required
13815
16049
  # },
16050
+ # aws_managed_rules_bot_control_rule_set: {
16051
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
16052
+ # },
16053
+ # },
16054
+ # ],
16055
+ # rule_action_overrides: [
16056
+ # {
16057
+ # name: "EntityName", # required
16058
+ # action_to_use: { # required
16059
+ # block: {
16060
+ # custom_response: {
16061
+ # response_code: 1, # required
16062
+ # custom_response_body_key: "EntityName",
16063
+ # response_headers: [
16064
+ # {
16065
+ # name: "CustomHTTPHeaderName", # required
16066
+ # value: "CustomHTTPHeaderValue", # required
16067
+ # },
16068
+ # ],
16069
+ # },
16070
+ # },
16071
+ # allow: {
16072
+ # custom_request_handling: {
16073
+ # insert_headers: [ # required
16074
+ # {
16075
+ # name: "CustomHTTPHeaderName", # required
16076
+ # value: "CustomHTTPHeaderValue", # required
16077
+ # },
16078
+ # ],
16079
+ # },
16080
+ # },
16081
+ # count: {
16082
+ # custom_request_handling: {
16083
+ # insert_headers: [ # required
16084
+ # {
16085
+ # name: "CustomHTTPHeaderName", # required
16086
+ # value: "CustomHTTPHeaderValue", # required
16087
+ # },
16088
+ # ],
16089
+ # },
16090
+ # },
16091
+ # captcha: {
16092
+ # custom_request_handling: {
16093
+ # insert_headers: [ # required
16094
+ # {
16095
+ # name: "CustomHTTPHeaderName", # required
16096
+ # value: "CustomHTTPHeaderValue", # required
16097
+ # },
16098
+ # ],
16099
+ # },
16100
+ # },
16101
+ # challenge: {
16102
+ # custom_request_handling: {
16103
+ # insert_headers: [ # required
16104
+ # {
16105
+ # name: "CustomHTTPHeaderName", # required
16106
+ # value: "CustomHTTPHeaderValue", # required
16107
+ # },
16108
+ # ],
16109
+ # },
16110
+ # },
16111
+ # },
13816
16112
  # },
13817
16113
  # ],
13818
16114
  # },
@@ -15020,6 +17316,65 @@ module Aws::WAFV2
15020
17316
  # name: "EntityName", # required
15021
17317
  # },
15022
17318
  # ],
17319
+ # rule_action_overrides: [
17320
+ # {
17321
+ # name: "EntityName", # required
17322
+ # action_to_use: { # required
17323
+ # block: {
17324
+ # custom_response: {
17325
+ # response_code: 1, # required
17326
+ # custom_response_body_key: "EntityName",
17327
+ # response_headers: [
17328
+ # {
17329
+ # name: "CustomHTTPHeaderName", # required
17330
+ # value: "CustomHTTPHeaderValue", # required
17331
+ # },
17332
+ # ],
17333
+ # },
17334
+ # },
17335
+ # allow: {
17336
+ # custom_request_handling: {
17337
+ # insert_headers: [ # required
17338
+ # {
17339
+ # name: "CustomHTTPHeaderName", # required
17340
+ # value: "CustomHTTPHeaderValue", # required
17341
+ # },
17342
+ # ],
17343
+ # },
17344
+ # },
17345
+ # count: {
17346
+ # custom_request_handling: {
17347
+ # insert_headers: [ # required
17348
+ # {
17349
+ # name: "CustomHTTPHeaderName", # required
17350
+ # value: "CustomHTTPHeaderValue", # required
17351
+ # },
17352
+ # ],
17353
+ # },
17354
+ # },
17355
+ # captcha: {
17356
+ # custom_request_handling: {
17357
+ # insert_headers: [ # required
17358
+ # {
17359
+ # name: "CustomHTTPHeaderName", # required
17360
+ # value: "CustomHTTPHeaderValue", # required
17361
+ # },
17362
+ # ],
17363
+ # },
17364
+ # },
17365
+ # challenge: {
17366
+ # custom_request_handling: {
17367
+ # insert_headers: [ # required
17368
+ # {
17369
+ # name: "CustomHTTPHeaderName", # required
17370
+ # value: "CustomHTTPHeaderValue", # required
17371
+ # },
17372
+ # ],
17373
+ # },
17374
+ # },
17375
+ # },
17376
+ # },
17377
+ # ],
15023
17378
  # },
15024
17379
  # ip_set_reference_statement: {
15025
17380
  # arn: "ResourceArn", # required
@@ -15139,6 +17494,68 @@ module Aws::WAFV2
15139
17494
  # password_field: {
15140
17495
  # identifier: "FieldIdentifier", # required
15141
17496
  # },
17497
+ # aws_managed_rules_bot_control_rule_set: {
17498
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
17499
+ # },
17500
+ # },
17501
+ # ],
17502
+ # rule_action_overrides: [
17503
+ # {
17504
+ # name: "EntityName", # required
17505
+ # action_to_use: { # required
17506
+ # block: {
17507
+ # custom_response: {
17508
+ # response_code: 1, # required
17509
+ # custom_response_body_key: "EntityName",
17510
+ # response_headers: [
17511
+ # {
17512
+ # name: "CustomHTTPHeaderName", # required
17513
+ # value: "CustomHTTPHeaderValue", # required
17514
+ # },
17515
+ # ],
17516
+ # },
17517
+ # },
17518
+ # allow: {
17519
+ # custom_request_handling: {
17520
+ # insert_headers: [ # required
17521
+ # {
17522
+ # name: "CustomHTTPHeaderName", # required
17523
+ # value: "CustomHTTPHeaderValue", # required
17524
+ # },
17525
+ # ],
17526
+ # },
17527
+ # },
17528
+ # count: {
17529
+ # custom_request_handling: {
17530
+ # insert_headers: [ # required
17531
+ # {
17532
+ # name: "CustomHTTPHeaderName", # required
17533
+ # value: "CustomHTTPHeaderValue", # required
17534
+ # },
17535
+ # ],
17536
+ # },
17537
+ # },
17538
+ # captcha: {
17539
+ # custom_request_handling: {
17540
+ # insert_headers: [ # required
17541
+ # {
17542
+ # name: "CustomHTTPHeaderName", # required
17543
+ # value: "CustomHTTPHeaderValue", # required
17544
+ # },
17545
+ # ],
17546
+ # },
17547
+ # },
17548
+ # challenge: {
17549
+ # custom_request_handling: {
17550
+ # insert_headers: [ # required
17551
+ # {
17552
+ # name: "CustomHTTPHeaderName", # required
17553
+ # value: "CustomHTTPHeaderValue", # required
17554
+ # },
17555
+ # ],
17556
+ # },
17557
+ # },
17558
+ # },
15142
17559
  # },
15143
17560
  # ],
15144
17561
  # },
@@ -15248,6 +17665,16 @@ module Aws::WAFV2
15248
17665
  # ],
15249
17666
  # },
15250
17667
  # },
17668
+ # challenge: {
17669
+ # custom_request_handling: {
17670
+ # insert_headers: [ # required
17671
+ # {
17672
+ # name: "CustomHTTPHeaderName", # required
17673
+ # value: "CustomHTTPHeaderValue", # required
17674
+ # },
17675
+ # ],
17676
+ # },
17677
+ # },
15251
17678
  # },
15252
17679
  # override_action: {
15253
17680
  # count: {
@@ -15278,6 +17705,11 @@ module Aws::WAFV2
15278
17705
  # immunity_time: 1, # required
15279
17706
  # },
15280
17707
  # },
17708
+ # challenge_config: {
17709
+ # immunity_time_property: {
17710
+ # immunity_time: 1, # required
17711
+ # },
17712
+ # },
15281
17713
  # },
15282
17714
  # ],
15283
17715
  # visibility_config: { # required
@@ -15682,6 +18114,65 @@ module Aws::WAFV2
15682
18114
  # name: "EntityName", # required
15683
18115
  # },
15684
18116
  # ],
18117
+ # rule_action_overrides: [
18118
+ # {
18119
+ # name: "EntityName", # required
18120
+ # action_to_use: { # required
18121
+ # block: {
18122
+ # custom_response: {
18123
+ # response_code: 1, # required
18124
+ # custom_response_body_key: "EntityName",
18125
+ # response_headers: [
18126
+ # {
18127
+ # name: "CustomHTTPHeaderName", # required
18128
+ # value: "CustomHTTPHeaderValue", # required
18129
+ # },
18130
+ # ],
18131
+ # },
18132
+ # },
18133
+ # allow: {
18134
+ # custom_request_handling: {
18135
+ # insert_headers: [ # required
18136
+ # {
18137
+ # name: "CustomHTTPHeaderName", # required
18138
+ # value: "CustomHTTPHeaderValue", # required
18139
+ # },
18140
+ # ],
18141
+ # },
18142
+ # },
18143
+ # count: {
18144
+ # custom_request_handling: {
18145
+ # insert_headers: [ # required
18146
+ # {
18147
+ # name: "CustomHTTPHeaderName", # required
18148
+ # value: "CustomHTTPHeaderValue", # required
18149
+ # },
18150
+ # ],
18151
+ # },
18152
+ # },
18153
+ # captcha: {
18154
+ # custom_request_handling: {
18155
+ # insert_headers: [ # required
18156
+ # {
18157
+ # name: "CustomHTTPHeaderName", # required
18158
+ # value: "CustomHTTPHeaderValue", # required
18159
+ # },
18160
+ # ],
18161
+ # },
18162
+ # },
18163
+ # challenge: {
18164
+ # custom_request_handling: {
18165
+ # insert_headers: [ # required
18166
+ # {
18167
+ # name: "CustomHTTPHeaderName", # required
18168
+ # value: "CustomHTTPHeaderValue", # required
18169
+ # },
18170
+ # ],
18171
+ # },
18172
+ # },
18173
+ # },
18174
+ # },
18175
+ # ],
15685
18176
  # },
15686
18177
  # ip_set_reference_statement: {
15687
18178
  # arn: "ResourceArn", # required
@@ -15801,6 +18292,68 @@ module Aws::WAFV2
15801
18292
  # password_field: {
15802
18293
  # identifier: "FieldIdentifier", # required
15803
18294
  # },
18295
+ # aws_managed_rules_bot_control_rule_set: {
18296
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
18297
+ # },
18298
+ # },
18299
+ # ],
18300
+ # rule_action_overrides: [
18301
+ # {
18302
+ # name: "EntityName", # required
18303
+ # action_to_use: { # required
18304
+ # block: {
18305
+ # custom_response: {
18306
+ # response_code: 1, # required
18307
+ # custom_response_body_key: "EntityName",
18308
+ # response_headers: [
18309
+ # {
18310
+ # name: "CustomHTTPHeaderName", # required
18311
+ # value: "CustomHTTPHeaderValue", # required
18312
+ # },
18313
+ # ],
18314
+ # },
18315
+ # },
18316
+ # allow: {
18317
+ # custom_request_handling: {
18318
+ # insert_headers: [ # required
18319
+ # {
18320
+ # name: "CustomHTTPHeaderName", # required
18321
+ # value: "CustomHTTPHeaderValue", # required
18322
+ # },
18323
+ # ],
18324
+ # },
18325
+ # },
18326
+ # count: {
18327
+ # custom_request_handling: {
18328
+ # insert_headers: [ # required
18329
+ # {
18330
+ # name: "CustomHTTPHeaderName", # required
18331
+ # value: "CustomHTTPHeaderValue", # required
18332
+ # },
18333
+ # ],
18334
+ # },
18335
+ # },
18336
+ # captcha: {
18337
+ # custom_request_handling: {
18338
+ # insert_headers: [ # required
18339
+ # {
18340
+ # name: "CustomHTTPHeaderName", # required
18341
+ # value: "CustomHTTPHeaderValue", # required
18342
+ # },
18343
+ # ],
18344
+ # },
18345
+ # },
18346
+ # challenge: {
18347
+ # custom_request_handling: {
18348
+ # insert_headers: [ # required
18349
+ # {
18350
+ # name: "CustomHTTPHeaderName", # required
18351
+ # value: "CustomHTTPHeaderValue", # required
18352
+ # },
18353
+ # ],
18354
+ # },
18355
+ # },
18356
+ # },
15804
18357
  # },
15805
18358
  # ],
15806
18359
  # },
@@ -15910,6 +18463,16 @@ module Aws::WAFV2
15910
18463
  # ],
15911
18464
  # },
15912
18465
  # },
18466
+ # challenge: {
18467
+ # custom_request_handling: {
18468
+ # insert_headers: [ # required
18469
+ # {
18470
+ # name: "CustomHTTPHeaderName", # required
18471
+ # value: "CustomHTTPHeaderValue", # required
18472
+ # },
18473
+ # ],
18474
+ # },
18475
+ # },
15913
18476
  # },
15914
18477
  # override_action: {
15915
18478
  # count: {
@@ -15940,6 +18503,11 @@ module Aws::WAFV2
15940
18503
  # immunity_time: 1, # required
15941
18504
  # },
15942
18505
  # },
18506
+ # challenge_config: {
18507
+ # immunity_time_property: {
18508
+ # immunity_time: 1, # required
18509
+ # },
18510
+ # },
15943
18511
  # },
15944
18512
  # ],
15945
18513
  # visibility_config: { # required
@@ -15959,6 +18527,12 @@ module Aws::WAFV2
15959
18527
  # immunity_time: 1, # required
15960
18528
  # },
15961
18529
  # },
18530
+ # challenge_config: {
18531
+ # immunity_time_property: {
18532
+ # immunity_time: 1, # required
18533
+ # },
18534
+ # },
18535
+ # token_domains: ["TokenDomain"],
15962
18536
  # }
15963
18537
  #
15964
18538
  # @!attribute [rw] name
@@ -16047,6 +18621,26 @@ module Aws::WAFV2
16047
18621
  # specify this, WAF uses its default settings for `CaptchaConfig`.
16048
18622
  # @return [Types::CaptchaConfig]
16049
18623
  #
18624
+ # @!attribute [rw] challenge_config
18625
+ # Specifies how WAF should handle challenge evaluations for rules that
18626
+ # don't have their own `ChallengeConfig` settings. If you don't
18627
+ # specify this, WAF uses its default settings for `ChallengeConfig`.
18628
+ # @return [Types::ChallengeConfig]
18629
+ #
18630
+ # @!attribute [rw] token_domains
18631
+ # Specifies the domains that WAF should accept in a web request token.
18632
+ # This enables the use of tokens across multiple protected websites.
18633
+ # When WAF provides a token, it uses the domain of the Amazon Web
18634
+ # Services resource that the web ACL is protecting. If you don't
18635
+ # specify a list of token domains, WAF accepts tokens only for the
18636
+ # domain of the protected resource. With a token domain list, WAF
18637
+ # accepts the resource's host domain plus all domains in the token
18638
+ # domain list, including their prefixed subdomains.
18639
+ #
18640
+ # Example JSON: `"TokenDomains": \{ "mywebsite.com",
18641
+ # "myotherwebsite.com" \}`
18642
+ # @return [Array<String>]
18643
+ #
16050
18644
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
16051
18645
  #
16052
18646
  class UpdateWebACLRequest < Struct.new(
@@ -16059,7 +18653,9 @@ module Aws::WAFV2
16059
18653
  :visibility_config,
16060
18654
  :lock_token,
16061
18655
  :custom_response_bodies,
16062
- :captcha_config)
18656
+ :captcha_config,
18657
+ :challenge_config,
18658
+ :token_domains)
16063
18659
  SENSITIVE = []
16064
18660
  include Aws::Structure
16065
18661
  end
@@ -16678,6 +19274,23 @@ module Aws::WAFV2
16678
19274
  # specify this, WAF uses its default settings for `CaptchaConfig`.
16679
19275
  # @return [Types::CaptchaConfig]
16680
19276
  #
19277
+ # @!attribute [rw] challenge_config
19278
+ # Specifies how WAF should handle challenge evaluations for rules that
19279
+ # don't have their own `ChallengeConfig` settings. If you don't
19280
+ # specify this, WAF uses its default settings for `ChallengeConfig`.
19281
+ # @return [Types::ChallengeConfig]
19282
+ #
19283
+ # @!attribute [rw] token_domains
19284
+ # Specifies the domains that WAF should accept in a web request token.
19285
+ # This enables the use of tokens across multiple protected websites.
19286
+ # When WAF provides a token, it uses the domain of the Amazon Web
19287
+ # Services resource that the web ACL is protecting. If you don't
19288
+ # specify a list of token domains, WAF accepts tokens only for the
19289
+ # domain of the protected resource. With a token domain list, WAF
19290
+ # accepts the resource's host domain plus all domains in the token
19291
+ # domain list, including their prefixed subdomains.
19292
+ # @return [Array<String>]
19293
+ #
16681
19294
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
16682
19295
  #
16683
19296
  class WebACL < Struct.new(
@@ -16694,7 +19307,9 @@ module Aws::WAFV2
16694
19307
  :managed_by_firewall_manager,
16695
19308
  :label_namespace,
16696
19309
  :custom_response_bodies,
16697
- :captcha_config)
19310
+ :captcha_config,
19311
+ :challenge_config,
19312
+ :token_domains)
16698
19313
  SENSITIVE = []
16699
19314
  include Aws::Structure
16700
19315
  end