aws-sdk-wafv2 1.43.0 → 1.44.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-wafv2/client.rb +1120 -18
  5. data/lib/aws-sdk-wafv2/client_api.rb +45 -0
  6. data/lib/aws-sdk-wafv2/types.rb +2697 -82
  7. data/lib/aws-sdk-wafv2.rb +1 -1
  8. metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -10,18 +10,53 @@
10
10
  module Aws::WAFV2
11
11
  module Types
12
12
 
13
+ # Details for your use of the Bot Control managed rule group, used in
14
+ # `ManagedRuleGroupConfig`.
15
+ #
16
+ # @note When making an API call, you may pass AWSManagedRulesBotControlRuleSet
17
+ # data as a hash:
18
+ #
19
+ # {
20
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
21
+ # }
22
+ #
23
+ # @!attribute [rw] inspection_level
24
+ # The inspection level to use for the Bot Control rule group. The
25
+ # common level is the least expensive. The targeted level includes all
26
+ # common level rules and adds rules with more advanced inspection
27
+ # criteria. For details, see [WAF Bot Control rule group][1].
28
+ #
29
+ #
30
+ #
31
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
32
+ # @return [String]
33
+ #
34
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesBotControlRuleSet AWS API Documentation
35
+ #
36
+ class AWSManagedRulesBotControlRuleSet < Struct.new(
37
+ :inspection_level)
38
+ SENSITIVE = []
39
+ include Aws::Structure
40
+ end
41
+
13
42
  # A single action condition for a Condition in a logging filter.
14
43
  #
15
44
  # @note When making an API call, you may pass ActionCondition
16
45
  # data as a hash:
17
46
  #
18
47
  # {
19
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
48
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
20
49
  # }
21
50
  #
22
51
  # @!attribute [rw] action
23
52
  # The action setting that a log record must contain in order to meet
24
- # the condition.
53
+ # the condition. This is the action that WAF applied to the web
54
+ # request.
55
+ #
56
+ # For rule groups, this is either the configured rule action setting,
57
+ # or if you've applied a rule action override to the rule, it's the
58
+ # override action. The value `EXCLUDED_AS_COUNT` matches on excluded
59
+ # rules and also on rules that have a rule action override of Count.
25
60
  # @return [String]
26
61
  #
27
62
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ActionCondition AWS API Documentation
@@ -358,6 +393,65 @@ module Aws::WAFV2
358
393
  # name: "EntityName", # required
359
394
  # },
360
395
  # ],
396
+ # rule_action_overrides: [
397
+ # {
398
+ # name: "EntityName", # required
399
+ # action_to_use: { # required
400
+ # block: {
401
+ # custom_response: {
402
+ # response_code: 1, # required
403
+ # custom_response_body_key: "EntityName",
404
+ # response_headers: [
405
+ # {
406
+ # name: "CustomHTTPHeaderName", # required
407
+ # value: "CustomHTTPHeaderValue", # required
408
+ # },
409
+ # ],
410
+ # },
411
+ # },
412
+ # allow: {
413
+ # custom_request_handling: {
414
+ # insert_headers: [ # required
415
+ # {
416
+ # name: "CustomHTTPHeaderName", # required
417
+ # value: "CustomHTTPHeaderValue", # required
418
+ # },
419
+ # ],
420
+ # },
421
+ # },
422
+ # count: {
423
+ # custom_request_handling: {
424
+ # insert_headers: [ # required
425
+ # {
426
+ # name: "CustomHTTPHeaderName", # required
427
+ # value: "CustomHTTPHeaderValue", # required
428
+ # },
429
+ # ],
430
+ # },
431
+ # },
432
+ # captcha: {
433
+ # custom_request_handling: {
434
+ # insert_headers: [ # required
435
+ # {
436
+ # name: "CustomHTTPHeaderName", # required
437
+ # value: "CustomHTTPHeaderValue", # required
438
+ # },
439
+ # ],
440
+ # },
441
+ # },
442
+ # challenge: {
443
+ # custom_request_handling: {
444
+ # insert_headers: [ # required
445
+ # {
446
+ # name: "CustomHTTPHeaderName", # required
447
+ # value: "CustomHTTPHeaderValue", # required
448
+ # },
449
+ # ],
450
+ # },
451
+ # },
452
+ # },
453
+ # },
454
+ # ],
361
455
  # },
362
456
  # ip_set_reference_statement: {
363
457
  # arn: "ResourceArn", # required
@@ -473,6 +567,68 @@ module Aws::WAFV2
473
567
  # password_field: {
474
568
  # identifier: "FieldIdentifier", # required
475
569
  # },
570
+ # aws_managed_rules_bot_control_rule_set: {
571
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
572
+ # },
573
+ # },
574
+ # ],
575
+ # rule_action_overrides: [
576
+ # {
577
+ # name: "EntityName", # required
578
+ # action_to_use: { # required
579
+ # block: {
580
+ # custom_response: {
581
+ # response_code: 1, # required
582
+ # custom_response_body_key: "EntityName",
583
+ # response_headers: [
584
+ # {
585
+ # name: "CustomHTTPHeaderName", # required
586
+ # value: "CustomHTTPHeaderValue", # required
587
+ # },
588
+ # ],
589
+ # },
590
+ # },
591
+ # allow: {
592
+ # custom_request_handling: {
593
+ # insert_headers: [ # required
594
+ # {
595
+ # name: "CustomHTTPHeaderName", # required
596
+ # value: "CustomHTTPHeaderValue", # required
597
+ # },
598
+ # ],
599
+ # },
600
+ # },
601
+ # count: {
602
+ # custom_request_handling: {
603
+ # insert_headers: [ # required
604
+ # {
605
+ # name: "CustomHTTPHeaderName", # required
606
+ # value: "CustomHTTPHeaderValue", # required
607
+ # },
608
+ # ],
609
+ # },
610
+ # },
611
+ # captcha: {
612
+ # custom_request_handling: {
613
+ # insert_headers: [ # required
614
+ # {
615
+ # name: "CustomHTTPHeaderName", # required
616
+ # value: "CustomHTTPHeaderValue", # required
617
+ # },
618
+ # ],
619
+ # },
620
+ # },
621
+ # challenge: {
622
+ # custom_request_handling: {
623
+ # insert_headers: [ # required
624
+ # {
625
+ # name: "CustomHTTPHeaderName", # required
626
+ # value: "CustomHTTPHeaderValue", # required
627
+ # },
628
+ # ],
629
+ # },
630
+ # },
631
+ # },
476
632
  # },
477
633
  # ],
478
634
  # },
@@ -864,11 +1020,12 @@ module Aws::WAFV2
864
1020
  # Specifies that WAF should run a `CAPTCHA` check against the request:
865
1021
  #
866
1022
  # * If the request includes a valid, unexpired `CAPTCHA` token, WAF
867
- # allows the web request inspection to proceed to the next rule,
868
- # similar to a `CountAction`.
1023
+ # applies any custom request handling and labels that you've
1024
+ # configured and then allows the web request inspection to proceed to
1025
+ # the next rule, similar to a `CountAction`.
869
1026
  #
870
- # * If the request doesn't include a valid, unexpired `CAPTCHA` token,
871
- # WAF discontinues the web ACL evaluation of the request and blocks it
1027
+ # * If the request doesn't include a valid, unexpired token, WAF
1028
+ # discontinues the web ACL evaluation of the request and blocks it
872
1029
  # from going to its intended destination.
873
1030
  #
874
1031
  # WAF generates a response that it sends back to the client, which
@@ -879,7 +1036,8 @@ module Aws::WAFV2
879
1036
  # * The HTTP status code `405 Method Not Allowed`.
880
1037
  #
881
1038
  # * If the request contains an `Accept` header with a value of
882
- # `text/html`, the response includes a `CAPTCHA` challenge.
1039
+ # `text/html`, the response includes a `CAPTCHA` JavaScript page
1040
+ # interstitial.
883
1041
  #
884
1042
  # You can configure the expiration time in the `CaptchaConfig`
885
1043
  # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
@@ -903,7 +1061,9 @@ module Aws::WAFV2
903
1061
  # }
904
1062
  #
905
1063
  # @!attribute [rw] custom_request_handling
906
- # Defines custom handling for the web request.
1064
+ # Defines custom handling for the web request, used when the `CAPTCHA`
1065
+ # inspection determines that the request's token is valid and
1066
+ # unexpired.
907
1067
  #
908
1068
  # For information about customizing web requests and responses, see
909
1069
  # [Customizing web requests and responses in WAF][1] in the [WAF
@@ -936,8 +1096,8 @@ module Aws::WAFV2
936
1096
  # }
937
1097
  #
938
1098
  # @!attribute [rw] immunity_time_property
939
- # Determines how long a `CAPTCHA` token remains valid after the client
940
- # successfully solves a `CAPTCHA` puzzle.
1099
+ # Determines how long a `CAPTCHA` timestamp in the token remains valid
1100
+ # after the client successfully solves a `CAPTCHA` puzzle.
941
1101
  # @return [Types::ImmunityTimeProperty]
942
1102
  #
943
1103
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation
@@ -958,8 +1118,7 @@ module Aws::WAFV2
958
1118
  # @return [Integer]
959
1119
  #
960
1120
  # @!attribute [rw] solve_timestamp
961
- # The time that the `CAPTCHA` puzzle was solved for the supplied
962
- # token.
1121
+ # The time that the `CAPTCHA` was last solved for the supplied token.
963
1122
  # @return [Integer]
964
1123
  #
965
1124
  # @!attribute [rw] failure_reason
@@ -977,6 +1136,138 @@ module Aws::WAFV2
977
1136
  include Aws::Structure
978
1137
  end
979
1138
 
1139
+ # Specifies that WAF should run a `Challenge` check against the request
1140
+ # to verify that the request is coming from a legitimate client session:
1141
+ #
1142
+ # * If the request includes a valid, unexpired challenge token, WAF
1143
+ # applies any custom request handling and labels that you've
1144
+ # configured and then allows the web request inspection to proceed to
1145
+ # the next rule, similar to a `CountAction`.
1146
+ #
1147
+ # * If the request doesn't include a valid, unexpired challenge token,
1148
+ # WAF discontinues the web ACL evaluation of the request and blocks it
1149
+ # from going to its intended destination.
1150
+ #
1151
+ # WAF then generates a challenge response that it sends back to the
1152
+ # client, which includes the following:
1153
+ #
1154
+ # * The header `x-amzn-waf-action` with a value of `challenge`.
1155
+ #
1156
+ # * The HTTP status code `202 Request Accepted`.
1157
+ #
1158
+ # * If the request contains an `Accept` header with a value of
1159
+ # `text/html`, the response includes a JavaScript page interstitial
1160
+ # with a challenge script.
1161
+ #
1162
+ # Challenges run silent browser interrogations in the background, and
1163
+ # don't generally affect the end user experience.
1164
+ #
1165
+ # A challenge enforces token acquisition using an interstitial
1166
+ # JavaScript challenge that inspects the client session for legitimate
1167
+ # behavior. The challenge blocks bots or at least increases the cost
1168
+ # of operating sophisticated bots.
1169
+ #
1170
+ # After the client session successfully responds to the challenge, it
1171
+ # receives a new token from WAF, which the challenge script uses to
1172
+ # resubmit the original request.
1173
+ #
1174
+ # You can configure the expiration time in the `ChallengeConfig`
1175
+ # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule
1176
+ # setting overrides the web ACL setting.
1177
+ #
1178
+ # This action option is available for rules. It isn't available for web
1179
+ # ACL default actions.
1180
+ #
1181
+ # @note When making an API call, you may pass ChallengeAction
1182
+ # data as a hash:
1183
+ #
1184
+ # {
1185
+ # custom_request_handling: {
1186
+ # insert_headers: [ # required
1187
+ # {
1188
+ # name: "CustomHTTPHeaderName", # required
1189
+ # value: "CustomHTTPHeaderValue", # required
1190
+ # },
1191
+ # ],
1192
+ # },
1193
+ # }
1194
+ #
1195
+ # @!attribute [rw] custom_request_handling
1196
+ # Defines custom handling for the web request, used when the challenge
1197
+ # inspection determines that the request's token is valid and
1198
+ # unexpired.
1199
+ #
1200
+ # For information about customizing web requests and responses, see
1201
+ # [Customizing web requests and responses in WAF][1] in the [WAF
1202
+ # Developer Guide][2].
1203
+ #
1204
+ #
1205
+ #
1206
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1207
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1208
+ # @return [Types::CustomRequestHandling]
1209
+ #
1210
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
1211
+ #
1212
+ class ChallengeAction < Struct.new(
1213
+ :custom_request_handling)
1214
+ SENSITIVE = []
1215
+ include Aws::Structure
1216
+ end
1217
+
1218
+ # Specifies how WAF should handle `Challenge` evaluations. This is
1219
+ # available at the web ACL level and in each rule.
1220
+ #
1221
+ # @note When making an API call, you may pass ChallengeConfig
1222
+ # data as a hash:
1223
+ #
1224
+ # {
1225
+ # immunity_time_property: {
1226
+ # immunity_time: 1, # required
1227
+ # },
1228
+ # }
1229
+ #
1230
+ # @!attribute [rw] immunity_time_property
1231
+ # Determines how long a challenge timestamp in the token remains valid
1232
+ # after the client successfully responds to a challenge.
1233
+ # @return [Types::ImmunityTimeProperty]
1234
+ #
1235
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeConfig AWS API Documentation
1236
+ #
1237
+ class ChallengeConfig < Struct.new(
1238
+ :immunity_time_property)
1239
+ SENSITIVE = []
1240
+ include Aws::Structure
1241
+ end
1242
+
1243
+ # The result from the inspection of the web request for a valid
1244
+ # challenge token.
1245
+ #
1246
+ # @!attribute [rw] response_code
1247
+ # The HTTP response code indicating the status of the challenge token
1248
+ # in the web request. If the token is missing, invalid, or expired,
1249
+ # this code is `202 Request Accepted`.
1250
+ # @return [Integer]
1251
+ #
1252
+ # @!attribute [rw] solve_timestamp
1253
+ # The time that the challenge was last solved for the supplied token.
1254
+ # @return [Integer]
1255
+ #
1256
+ # @!attribute [rw] failure_reason
1257
+ # The reason for failure, populated when the evaluation of the token
1258
+ # fails.
1259
+ # @return [String]
1260
+ #
1261
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeResponse AWS API Documentation
1262
+ #
1263
+ class ChallengeResponse < Struct.new(
1264
+ :response_code,
1265
+ :solve_timestamp,
1266
+ :failure_reason)
1267
+ SENSITIVE = []
1268
+ include Aws::Structure
1269
+ end
1270
+
980
1271
  # @note When making an API call, you may pass CheckCapacityRequest
981
1272
  # data as a hash:
982
1273
  #
@@ -1234,6 +1525,65 @@ module Aws::WAFV2
1234
1525
  # name: "EntityName", # required
1235
1526
  # },
1236
1527
  # ],
1528
+ # rule_action_overrides: [
1529
+ # {
1530
+ # name: "EntityName", # required
1531
+ # action_to_use: { # required
1532
+ # block: {
1533
+ # custom_response: {
1534
+ # response_code: 1, # required
1535
+ # custom_response_body_key: "EntityName",
1536
+ # response_headers: [
1537
+ # {
1538
+ # name: "CustomHTTPHeaderName", # required
1539
+ # value: "CustomHTTPHeaderValue", # required
1540
+ # },
1541
+ # ],
1542
+ # },
1543
+ # },
1544
+ # allow: {
1545
+ # custom_request_handling: {
1546
+ # insert_headers: [ # required
1547
+ # {
1548
+ # name: "CustomHTTPHeaderName", # required
1549
+ # value: "CustomHTTPHeaderValue", # required
1550
+ # },
1551
+ # ],
1552
+ # },
1553
+ # },
1554
+ # count: {
1555
+ # custom_request_handling: {
1556
+ # insert_headers: [ # required
1557
+ # {
1558
+ # name: "CustomHTTPHeaderName", # required
1559
+ # value: "CustomHTTPHeaderValue", # required
1560
+ # },
1561
+ # ],
1562
+ # },
1563
+ # },
1564
+ # captcha: {
1565
+ # custom_request_handling: {
1566
+ # insert_headers: [ # required
1567
+ # {
1568
+ # name: "CustomHTTPHeaderName", # required
1569
+ # value: "CustomHTTPHeaderValue", # required
1570
+ # },
1571
+ # ],
1572
+ # },
1573
+ # },
1574
+ # challenge: {
1575
+ # custom_request_handling: {
1576
+ # insert_headers: [ # required
1577
+ # {
1578
+ # name: "CustomHTTPHeaderName", # required
1579
+ # value: "CustomHTTPHeaderValue", # required
1580
+ # },
1581
+ # ],
1582
+ # },
1583
+ # },
1584
+ # },
1585
+ # },
1586
+ # ],
1237
1587
  # },
1238
1588
  # ip_set_reference_statement: {
1239
1589
  # arn: "ResourceArn", # required
@@ -1353,6 +1703,68 @@ module Aws::WAFV2
1353
1703
  # password_field: {
1354
1704
  # identifier: "FieldIdentifier", # required
1355
1705
  # },
1706
+ # aws_managed_rules_bot_control_rule_set: {
1707
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
1708
+ # },
1709
+ # },
1710
+ # ],
1711
+ # rule_action_overrides: [
1712
+ # {
1713
+ # name: "EntityName", # required
1714
+ # action_to_use: { # required
1715
+ # block: {
1716
+ # custom_response: {
1717
+ # response_code: 1, # required
1718
+ # custom_response_body_key: "EntityName",
1719
+ # response_headers: [
1720
+ # {
1721
+ # name: "CustomHTTPHeaderName", # required
1722
+ # value: "CustomHTTPHeaderValue", # required
1723
+ # },
1724
+ # ],
1725
+ # },
1726
+ # },
1727
+ # allow: {
1728
+ # custom_request_handling: {
1729
+ # insert_headers: [ # required
1730
+ # {
1731
+ # name: "CustomHTTPHeaderName", # required
1732
+ # value: "CustomHTTPHeaderValue", # required
1733
+ # },
1734
+ # ],
1735
+ # },
1736
+ # },
1737
+ # count: {
1738
+ # custom_request_handling: {
1739
+ # insert_headers: [ # required
1740
+ # {
1741
+ # name: "CustomHTTPHeaderName", # required
1742
+ # value: "CustomHTTPHeaderValue", # required
1743
+ # },
1744
+ # ],
1745
+ # },
1746
+ # },
1747
+ # captcha: {
1748
+ # custom_request_handling: {
1749
+ # insert_headers: [ # required
1750
+ # {
1751
+ # name: "CustomHTTPHeaderName", # required
1752
+ # value: "CustomHTTPHeaderValue", # required
1753
+ # },
1754
+ # ],
1755
+ # },
1756
+ # },
1757
+ # challenge: {
1758
+ # custom_request_handling: {
1759
+ # insert_headers: [ # required
1760
+ # {
1761
+ # name: "CustomHTTPHeaderName", # required
1762
+ # value: "CustomHTTPHeaderValue", # required
1763
+ # },
1764
+ # ],
1765
+ # },
1766
+ # },
1767
+ # },
1356
1768
  # },
1357
1769
  # ],
1358
1770
  # },
@@ -1462,6 +1874,16 @@ module Aws::WAFV2
1462
1874
  # ],
1463
1875
  # },
1464
1876
  # },
1877
+ # challenge: {
1878
+ # custom_request_handling: {
1879
+ # insert_headers: [ # required
1880
+ # {
1881
+ # name: "CustomHTTPHeaderName", # required
1882
+ # value: "CustomHTTPHeaderValue", # required
1883
+ # },
1884
+ # ],
1885
+ # },
1886
+ # },
1465
1887
  # },
1466
1888
  # override_action: {
1467
1889
  # count: {
@@ -1492,6 +1914,11 @@ module Aws::WAFV2
1492
1914
  # immunity_time: 1, # required
1493
1915
  # },
1494
1916
  # },
1917
+ # challenge_config: {
1918
+ # immunity_time_property: {
1919
+ # immunity_time: 1, # required
1920
+ # },
1921
+ # },
1495
1922
  # },
1496
1923
  # ],
1497
1924
  # }
@@ -1544,7 +1971,7 @@ module Aws::WAFV2
1544
1971
  #
1545
1972
  # {
1546
1973
  # action_condition: {
1547
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
1974
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
1548
1975
  # },
1549
1976
  # label_name_condition: {
1550
1977
  # label_name: "LabelName", # required
@@ -2189,6 +2616,65 @@ module Aws::WAFV2
2189
2616
  # name: "EntityName", # required
2190
2617
  # },
2191
2618
  # ],
2619
+ # rule_action_overrides: [
2620
+ # {
2621
+ # name: "EntityName", # required
2622
+ # action_to_use: { # required
2623
+ # block: {
2624
+ # custom_response: {
2625
+ # response_code: 1, # required
2626
+ # custom_response_body_key: "EntityName",
2627
+ # response_headers: [
2628
+ # {
2629
+ # name: "CustomHTTPHeaderName", # required
2630
+ # value: "CustomHTTPHeaderValue", # required
2631
+ # },
2632
+ # ],
2633
+ # },
2634
+ # },
2635
+ # allow: {
2636
+ # custom_request_handling: {
2637
+ # insert_headers: [ # required
2638
+ # {
2639
+ # name: "CustomHTTPHeaderName", # required
2640
+ # value: "CustomHTTPHeaderValue", # required
2641
+ # },
2642
+ # ],
2643
+ # },
2644
+ # },
2645
+ # count: {
2646
+ # custom_request_handling: {
2647
+ # insert_headers: [ # required
2648
+ # {
2649
+ # name: "CustomHTTPHeaderName", # required
2650
+ # value: "CustomHTTPHeaderValue", # required
2651
+ # },
2652
+ # ],
2653
+ # },
2654
+ # },
2655
+ # captcha: {
2656
+ # custom_request_handling: {
2657
+ # insert_headers: [ # required
2658
+ # {
2659
+ # name: "CustomHTTPHeaderName", # required
2660
+ # value: "CustomHTTPHeaderValue", # required
2661
+ # },
2662
+ # ],
2663
+ # },
2664
+ # },
2665
+ # challenge: {
2666
+ # custom_request_handling: {
2667
+ # insert_headers: [ # required
2668
+ # {
2669
+ # name: "CustomHTTPHeaderName", # required
2670
+ # value: "CustomHTTPHeaderValue", # required
2671
+ # },
2672
+ # ],
2673
+ # },
2674
+ # },
2675
+ # },
2676
+ # },
2677
+ # ],
2192
2678
  # },
2193
2679
  # ip_set_reference_statement: {
2194
2680
  # arn: "ResourceArn", # required
@@ -2308,6 +2794,68 @@ module Aws::WAFV2
2308
2794
  # password_field: {
2309
2795
  # identifier: "FieldIdentifier", # required
2310
2796
  # },
2797
+ # aws_managed_rules_bot_control_rule_set: {
2798
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
2799
+ # },
2800
+ # },
2801
+ # ],
2802
+ # rule_action_overrides: [
2803
+ # {
2804
+ # name: "EntityName", # required
2805
+ # action_to_use: { # required
2806
+ # block: {
2807
+ # custom_response: {
2808
+ # response_code: 1, # required
2809
+ # custom_response_body_key: "EntityName",
2810
+ # response_headers: [
2811
+ # {
2812
+ # name: "CustomHTTPHeaderName", # required
2813
+ # value: "CustomHTTPHeaderValue", # required
2814
+ # },
2815
+ # ],
2816
+ # },
2817
+ # },
2818
+ # allow: {
2819
+ # custom_request_handling: {
2820
+ # insert_headers: [ # required
2821
+ # {
2822
+ # name: "CustomHTTPHeaderName", # required
2823
+ # value: "CustomHTTPHeaderValue", # required
2824
+ # },
2825
+ # ],
2826
+ # },
2827
+ # },
2828
+ # count: {
2829
+ # custom_request_handling: {
2830
+ # insert_headers: [ # required
2831
+ # {
2832
+ # name: "CustomHTTPHeaderName", # required
2833
+ # value: "CustomHTTPHeaderValue", # required
2834
+ # },
2835
+ # ],
2836
+ # },
2837
+ # },
2838
+ # captcha: {
2839
+ # custom_request_handling: {
2840
+ # insert_headers: [ # required
2841
+ # {
2842
+ # name: "CustomHTTPHeaderName", # required
2843
+ # value: "CustomHTTPHeaderValue", # required
2844
+ # },
2845
+ # ],
2846
+ # },
2847
+ # },
2848
+ # challenge: {
2849
+ # custom_request_handling: {
2850
+ # insert_headers: [ # required
2851
+ # {
2852
+ # name: "CustomHTTPHeaderName", # required
2853
+ # value: "CustomHTTPHeaderValue", # required
2854
+ # },
2855
+ # ],
2856
+ # },
2857
+ # },
2858
+ # },
2311
2859
  # },
2312
2860
  # ],
2313
2861
  # },
@@ -2417,6 +2965,16 @@ module Aws::WAFV2
2417
2965
  # ],
2418
2966
  # },
2419
2967
  # },
2968
+ # challenge: {
2969
+ # custom_request_handling: {
2970
+ # insert_headers: [ # required
2971
+ # {
2972
+ # name: "CustomHTTPHeaderName", # required
2973
+ # value: "CustomHTTPHeaderValue", # required
2974
+ # },
2975
+ # ],
2976
+ # },
2977
+ # },
2420
2978
  # },
2421
2979
  # override_action: {
2422
2980
  # count: {
@@ -2447,6 +3005,11 @@ module Aws::WAFV2
2447
3005
  # immunity_time: 1, # required
2448
3006
  # },
2449
3007
  # },
3008
+ # challenge_config: {
3009
+ # immunity_time_property: {
3010
+ # immunity_time: 1, # required
3011
+ # },
3012
+ # },
2450
3013
  # },
2451
3014
  # ],
2452
3015
  # visibility_config: { # required
@@ -2861,6 +3424,65 @@ module Aws::WAFV2
2861
3424
  # name: "EntityName", # required
2862
3425
  # },
2863
3426
  # ],
3427
+ # rule_action_overrides: [
3428
+ # {
3429
+ # name: "EntityName", # required
3430
+ # action_to_use: { # required
3431
+ # block: {
3432
+ # custom_response: {
3433
+ # response_code: 1, # required
3434
+ # custom_response_body_key: "EntityName",
3435
+ # response_headers: [
3436
+ # {
3437
+ # name: "CustomHTTPHeaderName", # required
3438
+ # value: "CustomHTTPHeaderValue", # required
3439
+ # },
3440
+ # ],
3441
+ # },
3442
+ # },
3443
+ # allow: {
3444
+ # custom_request_handling: {
3445
+ # insert_headers: [ # required
3446
+ # {
3447
+ # name: "CustomHTTPHeaderName", # required
3448
+ # value: "CustomHTTPHeaderValue", # required
3449
+ # },
3450
+ # ],
3451
+ # },
3452
+ # },
3453
+ # count: {
3454
+ # custom_request_handling: {
3455
+ # insert_headers: [ # required
3456
+ # {
3457
+ # name: "CustomHTTPHeaderName", # required
3458
+ # value: "CustomHTTPHeaderValue", # required
3459
+ # },
3460
+ # ],
3461
+ # },
3462
+ # },
3463
+ # captcha: {
3464
+ # custom_request_handling: {
3465
+ # insert_headers: [ # required
3466
+ # {
3467
+ # name: "CustomHTTPHeaderName", # required
3468
+ # value: "CustomHTTPHeaderValue", # required
3469
+ # },
3470
+ # ],
3471
+ # },
3472
+ # },
3473
+ # challenge: {
3474
+ # custom_request_handling: {
3475
+ # insert_headers: [ # required
3476
+ # {
3477
+ # name: "CustomHTTPHeaderName", # required
3478
+ # value: "CustomHTTPHeaderValue", # required
3479
+ # },
3480
+ # ],
3481
+ # },
3482
+ # },
3483
+ # },
3484
+ # },
3485
+ # ],
2864
3486
  # },
2865
3487
  # ip_set_reference_statement: {
2866
3488
  # arn: "ResourceArn", # required
@@ -2980,6 +3602,68 @@ module Aws::WAFV2
2980
3602
  # password_field: {
2981
3603
  # identifier: "FieldIdentifier", # required
2982
3604
  # },
3605
+ # aws_managed_rules_bot_control_rule_set: {
3606
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
3607
+ # },
3608
+ # },
3609
+ # ],
3610
+ # rule_action_overrides: [
3611
+ # {
3612
+ # name: "EntityName", # required
3613
+ # action_to_use: { # required
3614
+ # block: {
3615
+ # custom_response: {
3616
+ # response_code: 1, # required
3617
+ # custom_response_body_key: "EntityName",
3618
+ # response_headers: [
3619
+ # {
3620
+ # name: "CustomHTTPHeaderName", # required
3621
+ # value: "CustomHTTPHeaderValue", # required
3622
+ # },
3623
+ # ],
3624
+ # },
3625
+ # },
3626
+ # allow: {
3627
+ # custom_request_handling: {
3628
+ # insert_headers: [ # required
3629
+ # {
3630
+ # name: "CustomHTTPHeaderName", # required
3631
+ # value: "CustomHTTPHeaderValue", # required
3632
+ # },
3633
+ # ],
3634
+ # },
3635
+ # },
3636
+ # count: {
3637
+ # custom_request_handling: {
3638
+ # insert_headers: [ # required
3639
+ # {
3640
+ # name: "CustomHTTPHeaderName", # required
3641
+ # value: "CustomHTTPHeaderValue", # required
3642
+ # },
3643
+ # ],
3644
+ # },
3645
+ # },
3646
+ # captcha: {
3647
+ # custom_request_handling: {
3648
+ # insert_headers: [ # required
3649
+ # {
3650
+ # name: "CustomHTTPHeaderName", # required
3651
+ # value: "CustomHTTPHeaderValue", # required
3652
+ # },
3653
+ # ],
3654
+ # },
3655
+ # },
3656
+ # challenge: {
3657
+ # custom_request_handling: {
3658
+ # insert_headers: [ # required
3659
+ # {
3660
+ # name: "CustomHTTPHeaderName", # required
3661
+ # value: "CustomHTTPHeaderValue", # required
3662
+ # },
3663
+ # ],
3664
+ # },
3665
+ # },
3666
+ # },
2983
3667
  # },
2984
3668
  # ],
2985
3669
  # },
@@ -3089,6 +3773,16 @@ module Aws::WAFV2
3089
3773
  # ],
3090
3774
  # },
3091
3775
  # },
3776
+ # challenge: {
3777
+ # custom_request_handling: {
3778
+ # insert_headers: [ # required
3779
+ # {
3780
+ # name: "CustomHTTPHeaderName", # required
3781
+ # value: "CustomHTTPHeaderValue", # required
3782
+ # },
3783
+ # ],
3784
+ # },
3785
+ # },
3092
3786
  # },
3093
3787
  # override_action: {
3094
3788
  # count: {
@@ -3119,6 +3813,11 @@ module Aws::WAFV2
3119
3813
  # immunity_time: 1, # required
3120
3814
  # },
3121
3815
  # },
3816
+ # challenge_config: {
3817
+ # immunity_time_property: {
3818
+ # immunity_time: 1, # required
3819
+ # },
3820
+ # },
3122
3821
  # },
3123
3822
  # ],
3124
3823
  # visibility_config: { # required
@@ -3143,6 +3842,12 @@ module Aws::WAFV2
3143
3842
  # immunity_time: 1, # required
3144
3843
  # },
3145
3844
  # },
3845
+ # challenge_config: {
3846
+ # immunity_time_property: {
3847
+ # immunity_time: 1, # required
3848
+ # },
3849
+ # },
3850
+ # token_domains: ["TokenDomain"],
3146
3851
  # }
3147
3852
  #
3148
3853
  # @!attribute [rw] name
@@ -3217,6 +3922,26 @@ module Aws::WAFV2
3217
3922
  # specify this, WAF uses its default settings for `CaptchaConfig`.
3218
3923
  # @return [Types::CaptchaConfig]
3219
3924
  #
3925
+ # @!attribute [rw] challenge_config
3926
+ # Specifies how WAF should handle challenge evaluations for rules that
3927
+ # don't have their own `ChallengeConfig` settings. If you don't
3928
+ # specify this, WAF uses its default settings for `ChallengeConfig`.
3929
+ # @return [Types::ChallengeConfig]
3930
+ #
3931
+ # @!attribute [rw] token_domains
3932
+ # Specifies the domains that WAF should accept in a web request token.
3933
+ # This enables the use of tokens across multiple protected websites.
3934
+ # When WAF provides a token, it uses the domain of the Amazon Web
3935
+ # Services resource that the web ACL is protecting. If you don't
3936
+ # specify a list of token domains, WAF accepts tokens only for the
3937
+ # domain of the protected resource. With a token domain list, WAF
3938
+ # accepts the resource's host domain plus all domains in the token
3939
+ # domain list, including their prefixed subdomains.
3940
+ #
3941
+ # Example JSON: `"TokenDomains": \{ "mywebsite.com",
3942
+ # "myotherwebsite.com" \}`
3943
+ # @return [Array<String>]
3944
+ #
3220
3945
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
3221
3946
  #
3222
3947
  class CreateWebACLRequest < Struct.new(
@@ -3228,7 +3953,9 @@ module Aws::WAFV2
3228
3953
  :visibility_config,
3229
3954
  :tags,
3230
3955
  :custom_response_bodies,
3231
- :captcha_config)
3956
+ :captcha_config,
3957
+ :challenge_config,
3958
+ :token_domains)
3232
3959
  SENSITIVE = []
3233
3960
  include Aws::Structure
3234
3961
  end
@@ -3283,8 +4010,9 @@ module Aws::WAFV2
3283
4010
  end
3284
4011
 
3285
4012
  # Custom request handling behavior that inserts custom headers into a
3286
- # web request. You can add custom request handling for the rule actions
3287
- # allow and count.
4013
+ # web request. You can add custom request handling for WAF to use when
4014
+ # the rule action doesn't block the request. For example,
4015
+ # `CaptchaAction` for requests with valid t okens, and `AllowAction`.
3288
4016
  #
3289
4017
  # For information about customizing web requests and responses, see
3290
4018
  # [Customizing web requests and responses in WAF][1] in the [WAF
@@ -4015,10 +4743,12 @@ module Aws::WAFV2
4015
4743
  class DisassociateWebACLResponse < Aws::EmptyStructure; end
4016
4744
 
4017
4745
  # Specifies a single rule in a rule group whose action you want to
4018
- # override to `Count`. When you exclude a rule, WAF evaluates it exactly
4019
- # as it would if the rule action setting were `Count`. This is a useful
4020
- # option for testing the rules in a rule group without modifying how
4021
- # they handle your web traffic.
4746
+ # override to `Count`.
4747
+ #
4748
+ # <note markdown="1"> Instead of this option, use `RuleActionOverrides`. It accepts any
4749
+ # valid action setting, including `Count`.
4750
+ #
4751
+ # </note>
4022
4752
  #
4023
4753
  # @note When making an API call, you may pass ExcludedRule
4024
4754
  # data as a hash:
@@ -4223,7 +4953,7 @@ module Aws::WAFV2
4223
4953
  # conditions: [ # required
4224
4954
  # {
4225
4955
  # action_condition: {
4226
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
4956
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
4227
4957
  # },
4228
4958
  # label_name_condition: {
4229
4959
  # label_name: "LabelName", # required
@@ -4290,8 +5020,9 @@ module Aws::WAFV2
4290
5020
  #
4291
5021
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
4292
5022
  # in the rule group are evaluated. If you want the rules in the rule
4293
- # group to only count matches, do not use this and instead exclude
4294
- # those rules in your rule group reference statement settings.
5023
+ # group to only count matches, do not use this and instead use the
5024
+ # rule action override option, with `Count` action, in your rule group
5025
+ # reference statement settings.
4295
5026
  #
4296
5027
  # </note>
4297
5028
  # @return [Types::OverrideAction]
@@ -5671,8 +6402,9 @@ module Aws::WAFV2
5671
6402
  include Aws::Structure
5672
6403
  end
5673
6404
 
5674
- # Determines how long a `CAPTCHA` token remains valid after the client
5675
- # successfully solves a `CAPTCHA` puzzle.
6405
+ # Used for CAPTCHA and challenge token settings. Determines how long a
6406
+ # `CAPTCHA` or challenge timestamp remains valid after WAF updates it
6407
+ # for a successful `CAPTCHA` or challenge response.
5676
6408
  #
5677
6409
  # @note When making an API call, you may pass ImmunityTimeProperty
5678
6410
  # data as a hash:
@@ -5682,8 +6414,10 @@ module Aws::WAFV2
5682
6414
  # }
5683
6415
  #
5684
6416
  # @!attribute [rw] immunity_time
5685
- # The amount of time, in seconds, that a `CAPTCHA` token is valid. The
5686
- # default setting is 300.
6417
+ # The amount of time, in seconds, that a `CAPTCHA` or challenge
6418
+ # timestamp is considered valid by WAF. The default setting is 300.
6419
+ #
6420
+ # For the Challenge action, the minimum setting is 300.
5687
6421
  # @return [Integer]
5688
6422
  #
5689
6423
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ImmunityTimeProperty AWS API Documentation
@@ -6819,7 +7553,7 @@ module Aws::WAFV2
6819
7553
  # conditions: [ # required
6820
7554
  # {
6821
7555
  # action_condition: {
6822
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
7556
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
6823
7557
  # },
6824
7558
  # label_name_condition: {
6825
7559
  # label_name: "LabelName", # required
@@ -6899,7 +7633,7 @@ module Aws::WAFV2
6899
7633
  # conditions: [ # required
6900
7634
  # {
6901
7635
  # action_condition: {
6902
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
7636
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
6903
7637
  # },
6904
7638
  # label_name_condition: {
6905
7639
  # label_name: "LabelName", # required
@@ -6929,19 +7663,12 @@ module Aws::WAFV2
6929
7663
  include Aws::Structure
6930
7664
  end
6931
7665
 
6932
- # Additional information that's used by a managed rule group. Most
7666
+ # Additional information that's used by a managed rule group. Many
6933
7667
  # managed rule groups don't require this.
6934
7668
  #
6935
- # Use this for the account takeover prevention managed rule group
6936
- # `AWSManagedRulesATPRuleSet`, to provide information about the sign-in
6937
- # page of your application.
6938
- #
6939
- # You can provide multiple individual `ManagedRuleGroupConfig` objects
6940
- # for any rule group configuration, for example `UsernameField` and
6941
- # `PasswordField`. The configuration that you provide depends on the
6942
- # needs of the managed rule group. For the ATP managed rule group, you
6943
- # provide the following individual configuration objects: `LoginPath`,
6944
- # `PasswordField`, `PayloadType` and `UsernameField`.
7669
+ # Use the `AWSManagedRulesBotControlRuleSet` configuration object to
7670
+ # configure the protection level that you want the Bot Control rule
7671
+ # group to use.
6945
7672
  #
6946
7673
  # For example specifications, see the examples section of CreateWebACL.
6947
7674
  #
@@ -6957,6 +7684,9 @@ module Aws::WAFV2
6957
7684
  # password_field: {
6958
7685
  # identifier: "FieldIdentifier", # required
6959
7686
  # },
7687
+ # aws_managed_rules_bot_control_rule_set: {
7688
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
7689
+ # },
6960
7690
  # }
6961
7691
  #
6962
7692
  # @!attribute [rw] login_path
@@ -6978,13 +7708,27 @@ module Aws::WAFV2
6978
7708
  # Details about your login page password field.
6979
7709
  # @return [Types::PasswordField]
6980
7710
  #
7711
+ # @!attribute [rw] aws_managed_rules_bot_control_rule_set
7712
+ # Additional configuration for using the Bot Control managed rule
7713
+ # group. Use this to specify the inspection level that you want to
7714
+ # use. For information about using the Bot Control managed rule group,
7715
+ # see [WAF Bot Control rule group][1] and [WAF Bot Control][2] in the
7716
+ # *WAF Developer Guide*.
7717
+ #
7718
+ #
7719
+ #
7720
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
7721
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html
7722
+ # @return [Types::AWSManagedRulesBotControlRuleSet]
7723
+ #
6981
7724
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupConfig AWS API Documentation
6982
7725
  #
6983
7726
  class ManagedRuleGroupConfig < Struct.new(
6984
7727
  :login_path,
6985
7728
  :payload_type,
6986
7729
  :username_field,
6987
- :password_field)
7730
+ :password_field,
7731
+ :aws_managed_rules_bot_control_rule_set)
6988
7732
  SENSITIVE = []
6989
7733
  include Aws::Structure
6990
7734
  end
@@ -7270,6 +8014,65 @@ module Aws::WAFV2
7270
8014
  # name: "EntityName", # required
7271
8015
  # },
7272
8016
  # ],
8017
+ # rule_action_overrides: [
8018
+ # {
8019
+ # name: "EntityName", # required
8020
+ # action_to_use: { # required
8021
+ # block: {
8022
+ # custom_response: {
8023
+ # response_code: 1, # required
8024
+ # custom_response_body_key: "EntityName",
8025
+ # response_headers: [
8026
+ # {
8027
+ # name: "CustomHTTPHeaderName", # required
8028
+ # value: "CustomHTTPHeaderValue", # required
8029
+ # },
8030
+ # ],
8031
+ # },
8032
+ # },
8033
+ # allow: {
8034
+ # custom_request_handling: {
8035
+ # insert_headers: [ # required
8036
+ # {
8037
+ # name: "CustomHTTPHeaderName", # required
8038
+ # value: "CustomHTTPHeaderValue", # required
8039
+ # },
8040
+ # ],
8041
+ # },
8042
+ # },
8043
+ # count: {
8044
+ # custom_request_handling: {
8045
+ # insert_headers: [ # required
8046
+ # {
8047
+ # name: "CustomHTTPHeaderName", # required
8048
+ # value: "CustomHTTPHeaderValue", # required
8049
+ # },
8050
+ # ],
8051
+ # },
8052
+ # },
8053
+ # captcha: {
8054
+ # custom_request_handling: {
8055
+ # insert_headers: [ # required
8056
+ # {
8057
+ # name: "CustomHTTPHeaderName", # required
8058
+ # value: "CustomHTTPHeaderValue", # required
8059
+ # },
8060
+ # ],
8061
+ # },
8062
+ # },
8063
+ # challenge: {
8064
+ # custom_request_handling: {
8065
+ # insert_headers: [ # required
8066
+ # {
8067
+ # name: "CustomHTTPHeaderName", # required
8068
+ # value: "CustomHTTPHeaderValue", # required
8069
+ # },
8070
+ # ],
8071
+ # },
8072
+ # },
8073
+ # },
8074
+ # },
8075
+ # ],
7273
8076
  # },
7274
8077
  # ip_set_reference_statement: {
7275
8078
  # arn: "ResourceArn", # required
@@ -7389,6 +8192,68 @@ module Aws::WAFV2
7389
8192
  # password_field: {
7390
8193
  # identifier: "FieldIdentifier", # required
7391
8194
  # },
8195
+ # aws_managed_rules_bot_control_rule_set: {
8196
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
8197
+ # },
8198
+ # },
8199
+ # ],
8200
+ # rule_action_overrides: [
8201
+ # {
8202
+ # name: "EntityName", # required
8203
+ # action_to_use: { # required
8204
+ # block: {
8205
+ # custom_response: {
8206
+ # response_code: 1, # required
8207
+ # custom_response_body_key: "EntityName",
8208
+ # response_headers: [
8209
+ # {
8210
+ # name: "CustomHTTPHeaderName", # required
8211
+ # value: "CustomHTTPHeaderValue", # required
8212
+ # },
8213
+ # ],
8214
+ # },
8215
+ # },
8216
+ # allow: {
8217
+ # custom_request_handling: {
8218
+ # insert_headers: [ # required
8219
+ # {
8220
+ # name: "CustomHTTPHeaderName", # required
8221
+ # value: "CustomHTTPHeaderValue", # required
8222
+ # },
8223
+ # ],
8224
+ # },
8225
+ # },
8226
+ # count: {
8227
+ # custom_request_handling: {
8228
+ # insert_headers: [ # required
8229
+ # {
8230
+ # name: "CustomHTTPHeaderName", # required
8231
+ # value: "CustomHTTPHeaderValue", # required
8232
+ # },
8233
+ # ],
8234
+ # },
8235
+ # },
8236
+ # captcha: {
8237
+ # custom_request_handling: {
8238
+ # insert_headers: [ # required
8239
+ # {
8240
+ # name: "CustomHTTPHeaderName", # required
8241
+ # value: "CustomHTTPHeaderValue", # required
8242
+ # },
8243
+ # ],
8244
+ # },
8245
+ # },
8246
+ # challenge: {
8247
+ # custom_request_handling: {
8248
+ # insert_headers: [ # required
8249
+ # {
8250
+ # name: "CustomHTTPHeaderName", # required
8251
+ # value: "CustomHTTPHeaderValue", # required
8252
+ # },
8253
+ # ],
8254
+ # },
8255
+ # },
8256
+ # },
7392
8257
  # },
7393
8258
  # ],
7394
8259
  # },
@@ -7465,6 +8330,68 @@ module Aws::WAFV2
7465
8330
  # password_field: {
7466
8331
  # identifier: "FieldIdentifier", # required
7467
8332
  # },
8333
+ # aws_managed_rules_bot_control_rule_set: {
8334
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
8335
+ # },
8336
+ # },
8337
+ # ],
8338
+ # rule_action_overrides: [
8339
+ # {
8340
+ # name: "EntityName", # required
8341
+ # action_to_use: { # required
8342
+ # block: {
8343
+ # custom_response: {
8344
+ # response_code: 1, # required
8345
+ # custom_response_body_key: "EntityName",
8346
+ # response_headers: [
8347
+ # {
8348
+ # name: "CustomHTTPHeaderName", # required
8349
+ # value: "CustomHTTPHeaderValue", # required
8350
+ # },
8351
+ # ],
8352
+ # },
8353
+ # },
8354
+ # allow: {
8355
+ # custom_request_handling: {
8356
+ # insert_headers: [ # required
8357
+ # {
8358
+ # name: "CustomHTTPHeaderName", # required
8359
+ # value: "CustomHTTPHeaderValue", # required
8360
+ # },
8361
+ # ],
8362
+ # },
8363
+ # },
8364
+ # count: {
8365
+ # custom_request_handling: {
8366
+ # insert_headers: [ # required
8367
+ # {
8368
+ # name: "CustomHTTPHeaderName", # required
8369
+ # value: "CustomHTTPHeaderValue", # required
8370
+ # },
8371
+ # ],
8372
+ # },
8373
+ # },
8374
+ # captcha: {
8375
+ # custom_request_handling: {
8376
+ # insert_headers: [ # required
8377
+ # {
8378
+ # name: "CustomHTTPHeaderName", # required
8379
+ # value: "CustomHTTPHeaderValue", # required
8380
+ # },
8381
+ # ],
8382
+ # },
8383
+ # },
8384
+ # challenge: {
8385
+ # custom_request_handling: {
8386
+ # insert_headers: [ # required
8387
+ # {
8388
+ # name: "CustomHTTPHeaderName", # required
8389
+ # value: "CustomHTTPHeaderValue", # required
8390
+ # },
8391
+ # ],
8392
+ # },
8393
+ # },
8394
+ # },
7468
8395
  # },
7469
8396
  # ],
7470
8397
  # }
@@ -7488,11 +8415,12 @@ module Aws::WAFV2
7488
8415
  # @return [String]
7489
8416
  #
7490
8417
  # @!attribute [rw] excluded_rules
7491
- # The rules in the referenced rule group whose actions are set to
7492
- # `Count`. When you exclude a rule, WAF evaluates it exactly as it
7493
- # would if the rule action setting were `Count`. This is a useful
7494
- # option for testing the rules in a rule group without modifying how
7495
- # they handle your web traffic.
8418
+ # Rules in the referenced rule group whose actions are set to `Count`.
8419
+ #
8420
+ # <note markdown="1"> Instead of this option, use `RuleActionOverrides`. It accepts any
8421
+ # valid action setting, including `Count`.
8422
+ #
8423
+ # </note>
7496
8424
  # @return [Array<Types::ExcludedRule>]
7497
8425
  #
7498
8426
  # @!attribute [rw] scope_down_statement
@@ -7505,21 +8433,26 @@ module Aws::WAFV2
7505
8433
  # @return [Types::Statement]
7506
8434
  #
7507
8435
  # @!attribute [rw] managed_rule_group_configs
7508
- # Additional information that's used by a managed rule group. Most
8436
+ # Additional information that's used by a managed rule group. Many
7509
8437
  # managed rule groups don't require this.
7510
8438
  #
7511
- # Use this for the account takeover prevention managed rule group
7512
- # `AWSManagedRulesATPRuleSet`, to provide information about the
7513
- # sign-in page of your application.
7514
- #
7515
- # You can provide multiple individual `ManagedRuleGroupConfig` objects
7516
- # for any rule group configuration, for example `UsernameField` and
7517
- # `PasswordField`. The configuration that you provide depends on the
7518
- # needs of the managed rule group. For the ATP managed rule group, you
7519
- # provide the following individual configuration objects: `LoginPath`,
7520
- # `PasswordField`, `PayloadType` and `UsernameField`.
8439
+ # Use the `AWSManagedRulesBotControlRuleSet` configuration object to
8440
+ # configure the protection level that you want the Bot Control rule
8441
+ # group to use.
7521
8442
  # @return [Array<Types::ManagedRuleGroupConfig>]
7522
8443
  #
8444
+ # @!attribute [rw] rule_action_overrides
8445
+ # Action settings to use in the place of the rule actions that are
8446
+ # configured inside the rule group. You specify one override for each
8447
+ # rule whose action you want to change.
8448
+ #
8449
+ # You can use overrides for testing, for example you can override all
8450
+ # of rule actions to `Count` and then monitor the resulting count
8451
+ # metrics to understand how the rule group would handle your web
8452
+ # traffic. You can also permanently override some or all actions, to
8453
+ # modify how the rule group manages your web traffic.
8454
+ # @return [Array<Types::RuleActionOverride>]
8455
+ #
7523
8456
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupStatement AWS API Documentation
7524
8457
  #
7525
8458
  class ManagedRuleGroupStatement < Struct.new(
@@ -7528,7 +8461,8 @@ module Aws::WAFV2
7528
8461
  :version,
7529
8462
  :excluded_rules,
7530
8463
  :scope_down_statement,
7531
- :managed_rule_group_configs)
8464
+ :managed_rule_group_configs,
8465
+ :rule_action_overrides)
7532
8466
  SENSITIVE = []
7533
8467
  include Aws::Structure
7534
8468
  end
@@ -7842,10 +8776,10 @@ module Aws::WAFV2
7842
8776
  # and tags.
7843
8777
  #
7844
8778
  # The mobile SDK is not generally available. Customers who have access
7845
- # to the mobile SDK can use it to establish and manage Security Token
7846
- # Service (STS) security tokens for use in HTTP(S) requests from a
7847
- # mobile device to WAF. For more information, see [WAF client
7848
- # application integration][1] in the *WAF Developer Guide*.
8779
+ # to the mobile SDK can use it to establish and manage WAF tokens for
8780
+ # use in HTTP(S) requests from a mobile device to WAF. For more
8781
+ # information, see [WAF client application integration][1] in the *WAF
8782
+ # Developer Guide*.
7849
8783
  #
7850
8784
  #
7851
8785
  #
@@ -8148,6 +9082,65 @@ module Aws::WAFV2
8148
9082
  # name: "EntityName", # required
8149
9083
  # },
8150
9084
  # ],
9085
+ # rule_action_overrides: [
9086
+ # {
9087
+ # name: "EntityName", # required
9088
+ # action_to_use: { # required
9089
+ # block: {
9090
+ # custom_response: {
9091
+ # response_code: 1, # required
9092
+ # custom_response_body_key: "EntityName",
9093
+ # response_headers: [
9094
+ # {
9095
+ # name: "CustomHTTPHeaderName", # required
9096
+ # value: "CustomHTTPHeaderValue", # required
9097
+ # },
9098
+ # ],
9099
+ # },
9100
+ # },
9101
+ # allow: {
9102
+ # custom_request_handling: {
9103
+ # insert_headers: [ # required
9104
+ # {
9105
+ # name: "CustomHTTPHeaderName", # required
9106
+ # value: "CustomHTTPHeaderValue", # required
9107
+ # },
9108
+ # ],
9109
+ # },
9110
+ # },
9111
+ # count: {
9112
+ # custom_request_handling: {
9113
+ # insert_headers: [ # required
9114
+ # {
9115
+ # name: "CustomHTTPHeaderName", # required
9116
+ # value: "CustomHTTPHeaderValue", # required
9117
+ # },
9118
+ # ],
9119
+ # },
9120
+ # },
9121
+ # captcha: {
9122
+ # custom_request_handling: {
9123
+ # insert_headers: [ # required
9124
+ # {
9125
+ # name: "CustomHTTPHeaderName", # required
9126
+ # value: "CustomHTTPHeaderValue", # required
9127
+ # },
9128
+ # ],
9129
+ # },
9130
+ # },
9131
+ # challenge: {
9132
+ # custom_request_handling: {
9133
+ # insert_headers: [ # required
9134
+ # {
9135
+ # name: "CustomHTTPHeaderName", # required
9136
+ # value: "CustomHTTPHeaderValue", # required
9137
+ # },
9138
+ # ],
9139
+ # },
9140
+ # },
9141
+ # },
9142
+ # },
9143
+ # ],
8151
9144
  # },
8152
9145
  # ip_set_reference_statement: {
8153
9146
  # arn: "ResourceArn", # required
@@ -8267,6 +9260,68 @@ module Aws::WAFV2
8267
9260
  # password_field: {
8268
9261
  # identifier: "FieldIdentifier", # required
8269
9262
  # },
9263
+ # aws_managed_rules_bot_control_rule_set: {
9264
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
9265
+ # },
9266
+ # },
9267
+ # ],
9268
+ # rule_action_overrides: [
9269
+ # {
9270
+ # name: "EntityName", # required
9271
+ # action_to_use: { # required
9272
+ # block: {
9273
+ # custom_response: {
9274
+ # response_code: 1, # required
9275
+ # custom_response_body_key: "EntityName",
9276
+ # response_headers: [
9277
+ # {
9278
+ # name: "CustomHTTPHeaderName", # required
9279
+ # value: "CustomHTTPHeaderValue", # required
9280
+ # },
9281
+ # ],
9282
+ # },
9283
+ # },
9284
+ # allow: {
9285
+ # custom_request_handling: {
9286
+ # insert_headers: [ # required
9287
+ # {
9288
+ # name: "CustomHTTPHeaderName", # required
9289
+ # value: "CustomHTTPHeaderValue", # required
9290
+ # },
9291
+ # ],
9292
+ # },
9293
+ # },
9294
+ # count: {
9295
+ # custom_request_handling: {
9296
+ # insert_headers: [ # required
9297
+ # {
9298
+ # name: "CustomHTTPHeaderName", # required
9299
+ # value: "CustomHTTPHeaderValue", # required
9300
+ # },
9301
+ # ],
9302
+ # },
9303
+ # },
9304
+ # captcha: {
9305
+ # custom_request_handling: {
9306
+ # insert_headers: [ # required
9307
+ # {
9308
+ # name: "CustomHTTPHeaderName", # required
9309
+ # value: "CustomHTTPHeaderValue", # required
9310
+ # },
9311
+ # ],
9312
+ # },
9313
+ # },
9314
+ # challenge: {
9315
+ # custom_request_handling: {
9316
+ # insert_headers: [ # required
9317
+ # {
9318
+ # name: "CustomHTTPHeaderName", # required
9319
+ # value: "CustomHTTPHeaderValue", # required
9320
+ # },
9321
+ # ],
9322
+ # },
9323
+ # },
9324
+ # },
8270
9325
  # },
8271
9326
  # ],
8272
9327
  # },
@@ -8604,6 +9659,65 @@ module Aws::WAFV2
8604
9659
  # name: "EntityName", # required
8605
9660
  # },
8606
9661
  # ],
9662
+ # rule_action_overrides: [
9663
+ # {
9664
+ # name: "EntityName", # required
9665
+ # action_to_use: { # required
9666
+ # block: {
9667
+ # custom_response: {
9668
+ # response_code: 1, # required
9669
+ # custom_response_body_key: "EntityName",
9670
+ # response_headers: [
9671
+ # {
9672
+ # name: "CustomHTTPHeaderName", # required
9673
+ # value: "CustomHTTPHeaderValue", # required
9674
+ # },
9675
+ # ],
9676
+ # },
9677
+ # },
9678
+ # allow: {
9679
+ # custom_request_handling: {
9680
+ # insert_headers: [ # required
9681
+ # {
9682
+ # name: "CustomHTTPHeaderName", # required
9683
+ # value: "CustomHTTPHeaderValue", # required
9684
+ # },
9685
+ # ],
9686
+ # },
9687
+ # },
9688
+ # count: {
9689
+ # custom_request_handling: {
9690
+ # insert_headers: [ # required
9691
+ # {
9692
+ # name: "CustomHTTPHeaderName", # required
9693
+ # value: "CustomHTTPHeaderValue", # required
9694
+ # },
9695
+ # ],
9696
+ # },
9697
+ # },
9698
+ # captcha: {
9699
+ # custom_request_handling: {
9700
+ # insert_headers: [ # required
9701
+ # {
9702
+ # name: "CustomHTTPHeaderName", # required
9703
+ # value: "CustomHTTPHeaderValue", # required
9704
+ # },
9705
+ # ],
9706
+ # },
9707
+ # },
9708
+ # challenge: {
9709
+ # custom_request_handling: {
9710
+ # insert_headers: [ # required
9711
+ # {
9712
+ # name: "CustomHTTPHeaderName", # required
9713
+ # value: "CustomHTTPHeaderValue", # required
9714
+ # },
9715
+ # ],
9716
+ # },
9717
+ # },
9718
+ # },
9719
+ # },
9720
+ # ],
8607
9721
  # },
8608
9722
  # ip_set_reference_statement: {
8609
9723
  # arn: "ResourceArn", # required
@@ -8719,6 +9833,68 @@ module Aws::WAFV2
8719
9833
  # password_field: {
8720
9834
  # identifier: "FieldIdentifier", # required
8721
9835
  # },
9836
+ # aws_managed_rules_bot_control_rule_set: {
9837
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
9838
+ # },
9839
+ # },
9840
+ # ],
9841
+ # rule_action_overrides: [
9842
+ # {
9843
+ # name: "EntityName", # required
9844
+ # action_to_use: { # required
9845
+ # block: {
9846
+ # custom_response: {
9847
+ # response_code: 1, # required
9848
+ # custom_response_body_key: "EntityName",
9849
+ # response_headers: [
9850
+ # {
9851
+ # name: "CustomHTTPHeaderName", # required
9852
+ # value: "CustomHTTPHeaderValue", # required
9853
+ # },
9854
+ # ],
9855
+ # },
9856
+ # },
9857
+ # allow: {
9858
+ # custom_request_handling: {
9859
+ # insert_headers: [ # required
9860
+ # {
9861
+ # name: "CustomHTTPHeaderName", # required
9862
+ # value: "CustomHTTPHeaderValue", # required
9863
+ # },
9864
+ # ],
9865
+ # },
9866
+ # },
9867
+ # count: {
9868
+ # custom_request_handling: {
9869
+ # insert_headers: [ # required
9870
+ # {
9871
+ # name: "CustomHTTPHeaderName", # required
9872
+ # value: "CustomHTTPHeaderValue", # required
9873
+ # },
9874
+ # ],
9875
+ # },
9876
+ # },
9877
+ # captcha: {
9878
+ # custom_request_handling: {
9879
+ # insert_headers: [ # required
9880
+ # {
9881
+ # name: "CustomHTTPHeaderName", # required
9882
+ # value: "CustomHTTPHeaderValue", # required
9883
+ # },
9884
+ # ],
9885
+ # },
9886
+ # },
9887
+ # challenge: {
9888
+ # custom_request_handling: {
9889
+ # insert_headers: [ # required
9890
+ # {
9891
+ # name: "CustomHTTPHeaderName", # required
9892
+ # value: "CustomHTTPHeaderValue", # required
9893
+ # },
9894
+ # ],
9895
+ # },
9896
+ # },
9897
+ # },
8722
9898
  # },
8723
9899
  # ],
8724
9900
  # },
@@ -8811,8 +9987,9 @@ module Aws::WAFV2
8811
9987
  #
8812
9988
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
8813
9989
  # in the rule group are evaluated. If you want the rules in the rule
8814
- # group to only count matches, do not use this and instead exclude those
8815
- # rules in your rule group reference statement settings.
9990
+ # group to only count matches, do not use this and instead use the rule
9991
+ # action override option, with `Count` action, in your rule group
9992
+ # reference statement settings.
8816
9993
  #
8817
9994
  # </note>
8818
9995
  #
@@ -8839,8 +10016,9 @@ module Aws::WAFV2
8839
10016
  #
8840
10017
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
8841
10018
  # in the rule group are evaluated. If you want the rules in the rule
8842
- # group to only count matches, do not use this and instead exclude
8843
- # those rules in your rule group reference statement settings.
10019
+ # group to only count matches, do not use this and instead use the
10020
+ # rule action override option, with `Count` action, in your rule group
10021
+ # reference statement settings.
8844
10022
  #
8845
10023
  # </note>
8846
10024
  # @return [Types::CountAction]
@@ -8948,7 +10126,7 @@ module Aws::WAFV2
8948
10126
  # conditions: [ # required
8949
10127
  # {
8950
10128
  # action_condition: {
8951
- # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, EXCLUDED_AS_COUNT
10129
+ # action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT
8952
10130
  # },
8953
10131
  # label_name_condition: {
8954
10132
  # label_name: "LabelName", # required
@@ -9448,6 +10626,65 @@ module Aws::WAFV2
9448
10626
  # name: "EntityName", # required
9449
10627
  # },
9450
10628
  # ],
10629
+ # rule_action_overrides: [
10630
+ # {
10631
+ # name: "EntityName", # required
10632
+ # action_to_use: { # required
10633
+ # block: {
10634
+ # custom_response: {
10635
+ # response_code: 1, # required
10636
+ # custom_response_body_key: "EntityName",
10637
+ # response_headers: [
10638
+ # {
10639
+ # name: "CustomHTTPHeaderName", # required
10640
+ # value: "CustomHTTPHeaderValue", # required
10641
+ # },
10642
+ # ],
10643
+ # },
10644
+ # },
10645
+ # allow: {
10646
+ # custom_request_handling: {
10647
+ # insert_headers: [ # required
10648
+ # {
10649
+ # name: "CustomHTTPHeaderName", # required
10650
+ # value: "CustomHTTPHeaderValue", # required
10651
+ # },
10652
+ # ],
10653
+ # },
10654
+ # },
10655
+ # count: {
10656
+ # custom_request_handling: {
10657
+ # insert_headers: [ # required
10658
+ # {
10659
+ # name: "CustomHTTPHeaderName", # required
10660
+ # value: "CustomHTTPHeaderValue", # required
10661
+ # },
10662
+ # ],
10663
+ # },
10664
+ # },
10665
+ # captcha: {
10666
+ # custom_request_handling: {
10667
+ # insert_headers: [ # required
10668
+ # {
10669
+ # name: "CustomHTTPHeaderName", # required
10670
+ # value: "CustomHTTPHeaderValue", # required
10671
+ # },
10672
+ # ],
10673
+ # },
10674
+ # },
10675
+ # challenge: {
10676
+ # custom_request_handling: {
10677
+ # insert_headers: [ # required
10678
+ # {
10679
+ # name: "CustomHTTPHeaderName", # required
10680
+ # value: "CustomHTTPHeaderValue", # required
10681
+ # },
10682
+ # ],
10683
+ # },
10684
+ # },
10685
+ # },
10686
+ # },
10687
+ # ],
9451
10688
  # },
9452
10689
  # ip_set_reference_statement: {
9453
10690
  # arn: "ResourceArn", # required
@@ -9567,6 +10804,68 @@ module Aws::WAFV2
9567
10804
  # password_field: {
9568
10805
  # identifier: "FieldIdentifier", # required
9569
10806
  # },
10807
+ # aws_managed_rules_bot_control_rule_set: {
10808
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
10809
+ # },
10810
+ # },
10811
+ # ],
10812
+ # rule_action_overrides: [
10813
+ # {
10814
+ # name: "EntityName", # required
10815
+ # action_to_use: { # required
10816
+ # block: {
10817
+ # custom_response: {
10818
+ # response_code: 1, # required
10819
+ # custom_response_body_key: "EntityName",
10820
+ # response_headers: [
10821
+ # {
10822
+ # name: "CustomHTTPHeaderName", # required
10823
+ # value: "CustomHTTPHeaderValue", # required
10824
+ # },
10825
+ # ],
10826
+ # },
10827
+ # },
10828
+ # allow: {
10829
+ # custom_request_handling: {
10830
+ # insert_headers: [ # required
10831
+ # {
10832
+ # name: "CustomHTTPHeaderName", # required
10833
+ # value: "CustomHTTPHeaderValue", # required
10834
+ # },
10835
+ # ],
10836
+ # },
10837
+ # },
10838
+ # count: {
10839
+ # custom_request_handling: {
10840
+ # insert_headers: [ # required
10841
+ # {
10842
+ # name: "CustomHTTPHeaderName", # required
10843
+ # value: "CustomHTTPHeaderValue", # required
10844
+ # },
10845
+ # ],
10846
+ # },
10847
+ # },
10848
+ # captcha: {
10849
+ # custom_request_handling: {
10850
+ # insert_headers: [ # required
10851
+ # {
10852
+ # name: "CustomHTTPHeaderName", # required
10853
+ # value: "CustomHTTPHeaderValue", # required
10854
+ # },
10855
+ # ],
10856
+ # },
10857
+ # },
10858
+ # challenge: {
10859
+ # custom_request_handling: {
10860
+ # insert_headers: [ # required
10861
+ # {
10862
+ # name: "CustomHTTPHeaderName", # required
10863
+ # value: "CustomHTTPHeaderValue", # required
10864
+ # },
10865
+ # ],
10866
+ # },
10867
+ # },
10868
+ # },
9570
10869
  # },
9571
10870
  # ],
9572
10871
  # },
@@ -10294,6 +11593,65 @@ module Aws::WAFV2
10294
11593
  # name: "EntityName", # required
10295
11594
  # },
10296
11595
  # ],
11596
+ # rule_action_overrides: [
11597
+ # {
11598
+ # name: "EntityName", # required
11599
+ # action_to_use: { # required
11600
+ # block: {
11601
+ # custom_response: {
11602
+ # response_code: 1, # required
11603
+ # custom_response_body_key: "EntityName",
11604
+ # response_headers: [
11605
+ # {
11606
+ # name: "CustomHTTPHeaderName", # required
11607
+ # value: "CustomHTTPHeaderValue", # required
11608
+ # },
11609
+ # ],
11610
+ # },
11611
+ # },
11612
+ # allow: {
11613
+ # custom_request_handling: {
11614
+ # insert_headers: [ # required
11615
+ # {
11616
+ # name: "CustomHTTPHeaderName", # required
11617
+ # value: "CustomHTTPHeaderValue", # required
11618
+ # },
11619
+ # ],
11620
+ # },
11621
+ # },
11622
+ # count: {
11623
+ # custom_request_handling: {
11624
+ # insert_headers: [ # required
11625
+ # {
11626
+ # name: "CustomHTTPHeaderName", # required
11627
+ # value: "CustomHTTPHeaderValue", # required
11628
+ # },
11629
+ # ],
11630
+ # },
11631
+ # },
11632
+ # captcha: {
11633
+ # custom_request_handling: {
11634
+ # insert_headers: [ # required
11635
+ # {
11636
+ # name: "CustomHTTPHeaderName", # required
11637
+ # value: "CustomHTTPHeaderValue", # required
11638
+ # },
11639
+ # ],
11640
+ # },
11641
+ # },
11642
+ # challenge: {
11643
+ # custom_request_handling: {
11644
+ # insert_headers: [ # required
11645
+ # {
11646
+ # name: "CustomHTTPHeaderName", # required
11647
+ # value: "CustomHTTPHeaderValue", # required
11648
+ # },
11649
+ # ],
11650
+ # },
11651
+ # },
11652
+ # },
11653
+ # },
11654
+ # ],
10297
11655
  # },
10298
11656
  # ip_set_reference_statement: {
10299
11657
  # arn: "ResourceArn", # required
@@ -10413,6 +11771,68 @@ module Aws::WAFV2
10413
11771
  # password_field: {
10414
11772
  # identifier: "FieldIdentifier", # required
10415
11773
  # },
11774
+ # aws_managed_rules_bot_control_rule_set: {
11775
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
11776
+ # },
11777
+ # },
11778
+ # ],
11779
+ # rule_action_overrides: [
11780
+ # {
11781
+ # name: "EntityName", # required
11782
+ # action_to_use: { # required
11783
+ # block: {
11784
+ # custom_response: {
11785
+ # response_code: 1, # required
11786
+ # custom_response_body_key: "EntityName",
11787
+ # response_headers: [
11788
+ # {
11789
+ # name: "CustomHTTPHeaderName", # required
11790
+ # value: "CustomHTTPHeaderValue", # required
11791
+ # },
11792
+ # ],
11793
+ # },
11794
+ # },
11795
+ # allow: {
11796
+ # custom_request_handling: {
11797
+ # insert_headers: [ # required
11798
+ # {
11799
+ # name: "CustomHTTPHeaderName", # required
11800
+ # value: "CustomHTTPHeaderValue", # required
11801
+ # },
11802
+ # ],
11803
+ # },
11804
+ # },
11805
+ # count: {
11806
+ # custom_request_handling: {
11807
+ # insert_headers: [ # required
11808
+ # {
11809
+ # name: "CustomHTTPHeaderName", # required
11810
+ # value: "CustomHTTPHeaderValue", # required
11811
+ # },
11812
+ # ],
11813
+ # },
11814
+ # },
11815
+ # captcha: {
11816
+ # custom_request_handling: {
11817
+ # insert_headers: [ # required
11818
+ # {
11819
+ # name: "CustomHTTPHeaderName", # required
11820
+ # value: "CustomHTTPHeaderValue", # required
11821
+ # },
11822
+ # ],
11823
+ # },
11824
+ # },
11825
+ # challenge: {
11826
+ # custom_request_handling: {
11827
+ # insert_headers: [ # required
11828
+ # {
11829
+ # name: "CustomHTTPHeaderName", # required
11830
+ # value: "CustomHTTPHeaderValue", # required
11831
+ # },
11832
+ # ],
11833
+ # },
11834
+ # },
11835
+ # },
10416
11836
  # },
10417
11837
  # ],
10418
11838
  # },
@@ -10522,6 +11942,16 @@ module Aws::WAFV2
10522
11942
  # ],
10523
11943
  # },
10524
11944
  # },
11945
+ # challenge: {
11946
+ # custom_request_handling: {
11947
+ # insert_headers: [ # required
11948
+ # {
11949
+ # name: "CustomHTTPHeaderName", # required
11950
+ # value: "CustomHTTPHeaderValue", # required
11951
+ # },
11952
+ # ],
11953
+ # },
11954
+ # },
10525
11955
  # },
10526
11956
  # override_action: {
10527
11957
  # count: {
@@ -10552,6 +11982,11 @@ module Aws::WAFV2
10552
11982
  # immunity_time: 1, # required
10553
11983
  # },
10554
11984
  # },
11985
+ # challenge_config: {
11986
+ # immunity_time_property: {
11987
+ # immunity_time: 1, # required
11988
+ # },
11989
+ # },
10555
11990
  # }
10556
11991
  #
10557
11992
  # @!attribute [rw] name
@@ -10603,8 +12038,9 @@ module Aws::WAFV2
10603
12038
  #
10604
12039
  # <note markdown="1"> This option is usually set to none. It does not affect how the rules
10605
12040
  # in the rule group are evaluated. If you want the rules in the rule
10606
- # group to only count matches, do not use this and instead exclude
10607
- # those rules in your rule group reference statement settings.
12041
+ # group to only count matches, do not use this and instead use the
12042
+ # rule action override option, with `Count` action, in your rule group
12043
+ # reference statement settings.
10608
12044
  #
10609
12045
  # </note>
10610
12046
  # @return [Types::OverrideAction]
@@ -10646,6 +12082,12 @@ module Aws::WAFV2
10646
12082
  # for the web ACL.
10647
12083
  # @return [Types::CaptchaConfig]
10648
12084
  #
12085
+ # @!attribute [rw] challenge_config
12086
+ # Specifies how WAF should handle `Challenge` evaluations. If you
12087
+ # don't specify this, WAF uses the challenge configuration that's
12088
+ # defined for the web ACL.
12089
+ # @return [Types::ChallengeConfig]
12090
+ #
10649
12091
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation
10650
12092
  #
10651
12093
  class Rule < Struct.new(
@@ -10656,7 +12098,8 @@ module Aws::WAFV2
10656
12098
  :override_action,
10657
12099
  :rule_labels,
10658
12100
  :visibility_config,
10659
- :captcha_config)
12101
+ :captcha_config,
12102
+ :challenge_config)
10660
12103
  SENSITIVE = []
10661
12104
  include Aws::Structure
10662
12105
  end
@@ -10711,6 +12154,16 @@ module Aws::WAFV2
10711
12154
  # ],
10712
12155
  # },
10713
12156
  # },
12157
+ # challenge: {
12158
+ # custom_request_handling: {
12159
+ # insert_headers: [ # required
12160
+ # {
12161
+ # name: "CustomHTTPHeaderName", # required
12162
+ # value: "CustomHTTPHeaderValue", # required
12163
+ # },
12164
+ # ],
12165
+ # },
12166
+ # },
10714
12167
  # }
10715
12168
  #
10716
12169
  # @!attribute [rw] block
@@ -10730,13 +12183,107 @@ module Aws::WAFV2
10730
12183
  # Instructs WAF to run a `CAPTCHA` check against the web request.
10731
12184
  # @return [Types::CaptchaAction]
10732
12185
  #
12186
+ # @!attribute [rw] challenge
12187
+ # Instructs WAF to run a `Challenge` check against the web request.
12188
+ # @return [Types::ChallengeAction]
12189
+ #
10733
12190
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleAction AWS API Documentation
10734
12191
  #
10735
12192
  class RuleAction < Struct.new(
10736
12193
  :block,
10737
12194
  :allow,
10738
12195
  :count,
10739
- :captcha)
12196
+ :captcha,
12197
+ :challenge)
12198
+ SENSITIVE = []
12199
+ include Aws::Structure
12200
+ end
12201
+
12202
+ # Action setting to use in the place of a rule action that is configured
12203
+ # inside the rule group. You specify one override for each rule whose
12204
+ # action you want to change.
12205
+ #
12206
+ # You can use overrides for testing, for example you can override all of
12207
+ # rule actions to `Count` and then monitor the resulting count metrics
12208
+ # to understand how the rule group would handle your web traffic. You
12209
+ # can also permanently override some or all actions, to modify how the
12210
+ # rule group manages your web traffic.
12211
+ #
12212
+ # @note When making an API call, you may pass RuleActionOverride
12213
+ # data as a hash:
12214
+ #
12215
+ # {
12216
+ # name: "EntityName", # required
12217
+ # action_to_use: { # required
12218
+ # block: {
12219
+ # custom_response: {
12220
+ # response_code: 1, # required
12221
+ # custom_response_body_key: "EntityName",
12222
+ # response_headers: [
12223
+ # {
12224
+ # name: "CustomHTTPHeaderName", # required
12225
+ # value: "CustomHTTPHeaderValue", # required
12226
+ # },
12227
+ # ],
12228
+ # },
12229
+ # },
12230
+ # allow: {
12231
+ # custom_request_handling: {
12232
+ # insert_headers: [ # required
12233
+ # {
12234
+ # name: "CustomHTTPHeaderName", # required
12235
+ # value: "CustomHTTPHeaderValue", # required
12236
+ # },
12237
+ # ],
12238
+ # },
12239
+ # },
12240
+ # count: {
12241
+ # custom_request_handling: {
12242
+ # insert_headers: [ # required
12243
+ # {
12244
+ # name: "CustomHTTPHeaderName", # required
12245
+ # value: "CustomHTTPHeaderValue", # required
12246
+ # },
12247
+ # ],
12248
+ # },
12249
+ # },
12250
+ # captcha: {
12251
+ # custom_request_handling: {
12252
+ # insert_headers: [ # required
12253
+ # {
12254
+ # name: "CustomHTTPHeaderName", # required
12255
+ # value: "CustomHTTPHeaderValue", # required
12256
+ # },
12257
+ # ],
12258
+ # },
12259
+ # },
12260
+ # challenge: {
12261
+ # custom_request_handling: {
12262
+ # insert_headers: [ # required
12263
+ # {
12264
+ # name: "CustomHTTPHeaderName", # required
12265
+ # value: "CustomHTTPHeaderValue", # required
12266
+ # },
12267
+ # ],
12268
+ # },
12269
+ # },
12270
+ # },
12271
+ # }
12272
+ #
12273
+ # @!attribute [rw] name
12274
+ # The name of the rule to override.
12275
+ # @return [String]
12276
+ #
12277
+ # @!attribute [rw] action_to_use
12278
+ # The override action to use, in place of the configured action of the
12279
+ # rule in the rule group.
12280
+ # @return [Types::RuleAction]
12281
+ #
12282
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleActionOverride AWS API Documentation
12283
+ #
12284
+ class RuleActionOverride < Struct.new(
12285
+ :name,
12286
+ :action_to_use)
10740
12287
  SENSITIVE = []
10741
12288
  include Aws::Structure
10742
12289
  end
@@ -10883,6 +12430,65 @@ module Aws::WAFV2
10883
12430
  # name: "EntityName", # required
10884
12431
  # },
10885
12432
  # ],
12433
+ # rule_action_overrides: [
12434
+ # {
12435
+ # name: "EntityName", # required
12436
+ # action_to_use: { # required
12437
+ # block: {
12438
+ # custom_response: {
12439
+ # response_code: 1, # required
12440
+ # custom_response_body_key: "EntityName",
12441
+ # response_headers: [
12442
+ # {
12443
+ # name: "CustomHTTPHeaderName", # required
12444
+ # value: "CustomHTTPHeaderValue", # required
12445
+ # },
12446
+ # ],
12447
+ # },
12448
+ # },
12449
+ # allow: {
12450
+ # custom_request_handling: {
12451
+ # insert_headers: [ # required
12452
+ # {
12453
+ # name: "CustomHTTPHeaderName", # required
12454
+ # value: "CustomHTTPHeaderValue", # required
12455
+ # },
12456
+ # ],
12457
+ # },
12458
+ # },
12459
+ # count: {
12460
+ # custom_request_handling: {
12461
+ # insert_headers: [ # required
12462
+ # {
12463
+ # name: "CustomHTTPHeaderName", # required
12464
+ # value: "CustomHTTPHeaderValue", # required
12465
+ # },
12466
+ # ],
12467
+ # },
12468
+ # },
12469
+ # captcha: {
12470
+ # custom_request_handling: {
12471
+ # insert_headers: [ # required
12472
+ # {
12473
+ # name: "CustomHTTPHeaderName", # required
12474
+ # value: "CustomHTTPHeaderValue", # required
12475
+ # },
12476
+ # ],
12477
+ # },
12478
+ # },
12479
+ # challenge: {
12480
+ # custom_request_handling: {
12481
+ # insert_headers: [ # required
12482
+ # {
12483
+ # name: "CustomHTTPHeaderName", # required
12484
+ # value: "CustomHTTPHeaderValue", # required
12485
+ # },
12486
+ # ],
12487
+ # },
12488
+ # },
12489
+ # },
12490
+ # },
12491
+ # ],
10886
12492
  # }
10887
12493
  #
10888
12494
  # @!attribute [rw] arn
@@ -10890,18 +12496,32 @@ module Aws::WAFV2
10890
12496
  # @return [String]
10891
12497
  #
10892
12498
  # @!attribute [rw] excluded_rules
10893
- # The rules in the referenced rule group whose actions are set to
10894
- # `Count`. When you exclude a rule, WAF evaluates it exactly as it
10895
- # would if the rule action setting were `Count`. This is a useful
10896
- # option for testing the rules in a rule group without modifying how
10897
- # they handle your web traffic.
12499
+ # Rules in the referenced rule group whose actions are set to `Count`.
12500
+ #
12501
+ # <note markdown="1"> Instead of this option, use `RuleActionOverrides`. It accepts any
12502
+ # valid action setting, including `Count`.
12503
+ #
12504
+ # </note>
10898
12505
  # @return [Array<Types::ExcludedRule>]
10899
12506
  #
12507
+ # @!attribute [rw] rule_action_overrides
12508
+ # Action settings to use in the place of the rule actions that are
12509
+ # configured inside the rule group. You specify one override for each
12510
+ # rule whose action you want to change.
12511
+ #
12512
+ # You can use overrides for testing, for example you can override all
12513
+ # of rule actions to `Count` and then monitor the resulting count
12514
+ # metrics to understand how the rule group would handle your web
12515
+ # traffic. You can also permanently override some or all actions, to
12516
+ # modify how the rule group manages your web traffic.
12517
+ # @return [Array<Types::RuleActionOverride>]
12518
+ #
10900
12519
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RuleGroupReferenceStatement AWS API Documentation
10901
12520
  #
10902
12521
  class RuleGroupReferenceStatement < Struct.new(
10903
12522
  :arn,
10904
- :excluded_rules)
12523
+ :excluded_rules,
12524
+ :rule_action_overrides)
10905
12525
  SENSITIVE = []
10906
12526
  include Aws::Structure
10907
12527
  end
@@ -11003,8 +12623,7 @@ module Aws::WAFV2
11003
12623
  # @return [Time]
11004
12624
  #
11005
12625
  # @!attribute [rw] action
11006
- # The action for the `Rule` that the request matched: `Allow`,
11007
- # `Block`, or `Count`.
12626
+ # The action that WAF applied to the request.
11008
12627
  # @return [String]
11009
12628
  #
11010
12629
  # @!attribute [rw] rule_name_within_rule_group
@@ -11039,6 +12658,17 @@ module Aws::WAFV2
11039
12658
  # The `CAPTCHA` response for the request.
11040
12659
  # @return [Types::CaptchaResponse]
11041
12660
  #
12661
+ # @!attribute [rw] challenge_response
12662
+ # The `Challenge` response for the request.
12663
+ # @return [Types::ChallengeResponse]
12664
+ #
12665
+ # @!attribute [rw] overridden_action
12666
+ # Used only for rule group rules that have a rule action override in
12667
+ # place in the web ACL. This is the action that the rule group rule is
12668
+ # configured for, and not the action that was applied to the request.
12669
+ # The action that WAF applied is the `Action` value.
12670
+ # @return [String]
12671
+ #
11042
12672
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
11043
12673
  #
11044
12674
  class SampledHTTPRequest < Struct.new(
@@ -11050,7 +12680,9 @@ module Aws::WAFV2
11050
12680
  :request_headers_inserted,
11051
12681
  :response_code_sent,
11052
12682
  :labels,
11053
- :captcha_response)
12683
+ :captcha_response,
12684
+ :challenge_response,
12685
+ :overridden_action)
11054
12686
  SENSITIVE = []
11055
12687
  include Aws::Structure
11056
12688
  end
@@ -11588,6 +13220,65 @@ module Aws::WAFV2
11588
13220
  # name: "EntityName", # required
11589
13221
  # },
11590
13222
  # ],
13223
+ # rule_action_overrides: [
13224
+ # {
13225
+ # name: "EntityName", # required
13226
+ # action_to_use: { # required
13227
+ # block: {
13228
+ # custom_response: {
13229
+ # response_code: 1, # required
13230
+ # custom_response_body_key: "EntityName",
13231
+ # response_headers: [
13232
+ # {
13233
+ # name: "CustomHTTPHeaderName", # required
13234
+ # value: "CustomHTTPHeaderValue", # required
13235
+ # },
13236
+ # ],
13237
+ # },
13238
+ # },
13239
+ # allow: {
13240
+ # custom_request_handling: {
13241
+ # insert_headers: [ # required
13242
+ # {
13243
+ # name: "CustomHTTPHeaderName", # required
13244
+ # value: "CustomHTTPHeaderValue", # required
13245
+ # },
13246
+ # ],
13247
+ # },
13248
+ # },
13249
+ # count: {
13250
+ # custom_request_handling: {
13251
+ # insert_headers: [ # required
13252
+ # {
13253
+ # name: "CustomHTTPHeaderName", # required
13254
+ # value: "CustomHTTPHeaderValue", # required
13255
+ # },
13256
+ # ],
13257
+ # },
13258
+ # },
13259
+ # captcha: {
13260
+ # custom_request_handling: {
13261
+ # insert_headers: [ # required
13262
+ # {
13263
+ # name: "CustomHTTPHeaderName", # required
13264
+ # value: "CustomHTTPHeaderValue", # required
13265
+ # },
13266
+ # ],
13267
+ # },
13268
+ # },
13269
+ # challenge: {
13270
+ # custom_request_handling: {
13271
+ # insert_headers: [ # required
13272
+ # {
13273
+ # name: "CustomHTTPHeaderName", # required
13274
+ # value: "CustomHTTPHeaderValue", # required
13275
+ # },
13276
+ # ],
13277
+ # },
13278
+ # },
13279
+ # },
13280
+ # },
13281
+ # ],
11591
13282
  # },
11592
13283
  # ip_set_reference_statement: {
11593
13284
  # arn: "ResourceArn", # required
@@ -11906,6 +13597,65 @@ module Aws::WAFV2
11906
13597
  # name: "EntityName", # required
11907
13598
  # },
11908
13599
  # ],
13600
+ # rule_action_overrides: [
13601
+ # {
13602
+ # name: "EntityName", # required
13603
+ # action_to_use: { # required
13604
+ # block: {
13605
+ # custom_response: {
13606
+ # response_code: 1, # required
13607
+ # custom_response_body_key: "EntityName",
13608
+ # response_headers: [
13609
+ # {
13610
+ # name: "CustomHTTPHeaderName", # required
13611
+ # value: "CustomHTTPHeaderValue", # required
13612
+ # },
13613
+ # ],
13614
+ # },
13615
+ # },
13616
+ # allow: {
13617
+ # custom_request_handling: {
13618
+ # insert_headers: [ # required
13619
+ # {
13620
+ # name: "CustomHTTPHeaderName", # required
13621
+ # value: "CustomHTTPHeaderValue", # required
13622
+ # },
13623
+ # ],
13624
+ # },
13625
+ # },
13626
+ # count: {
13627
+ # custom_request_handling: {
13628
+ # insert_headers: [ # required
13629
+ # {
13630
+ # name: "CustomHTTPHeaderName", # required
13631
+ # value: "CustomHTTPHeaderValue", # required
13632
+ # },
13633
+ # ],
13634
+ # },
13635
+ # },
13636
+ # captcha: {
13637
+ # custom_request_handling: {
13638
+ # insert_headers: [ # required
13639
+ # {
13640
+ # name: "CustomHTTPHeaderName", # required
13641
+ # value: "CustomHTTPHeaderValue", # required
13642
+ # },
13643
+ # ],
13644
+ # },
13645
+ # },
13646
+ # challenge: {
13647
+ # custom_request_handling: {
13648
+ # insert_headers: [ # required
13649
+ # {
13650
+ # name: "CustomHTTPHeaderName", # required
13651
+ # value: "CustomHTTPHeaderValue", # required
13652
+ # },
13653
+ # ],
13654
+ # },
13655
+ # },
13656
+ # },
13657
+ # },
13658
+ # ],
11909
13659
  # },
11910
13660
  # ip_set_reference_statement: {
11911
13661
  # arn: "ResourceArn", # required
@@ -12017,6 +13767,68 @@ module Aws::WAFV2
12017
13767
  # password_field: {
12018
13768
  # identifier: "FieldIdentifier", # required
12019
13769
  # },
13770
+ # aws_managed_rules_bot_control_rule_set: {
13771
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
13772
+ # },
13773
+ # },
13774
+ # ],
13775
+ # rule_action_overrides: [
13776
+ # {
13777
+ # name: "EntityName", # required
13778
+ # action_to_use: { # required
13779
+ # block: {
13780
+ # custom_response: {
13781
+ # response_code: 1, # required
13782
+ # custom_response_body_key: "EntityName",
13783
+ # response_headers: [
13784
+ # {
13785
+ # name: "CustomHTTPHeaderName", # required
13786
+ # value: "CustomHTTPHeaderValue", # required
13787
+ # },
13788
+ # ],
13789
+ # },
13790
+ # },
13791
+ # allow: {
13792
+ # custom_request_handling: {
13793
+ # insert_headers: [ # required
13794
+ # {
13795
+ # name: "CustomHTTPHeaderName", # required
13796
+ # value: "CustomHTTPHeaderValue", # required
13797
+ # },
13798
+ # ],
13799
+ # },
13800
+ # },
13801
+ # count: {
13802
+ # custom_request_handling: {
13803
+ # insert_headers: [ # required
13804
+ # {
13805
+ # name: "CustomHTTPHeaderName", # required
13806
+ # value: "CustomHTTPHeaderValue", # required
13807
+ # },
13808
+ # ],
13809
+ # },
13810
+ # },
13811
+ # captcha: {
13812
+ # custom_request_handling: {
13813
+ # insert_headers: [ # required
13814
+ # {
13815
+ # name: "CustomHTTPHeaderName", # required
13816
+ # value: "CustomHTTPHeaderValue", # required
13817
+ # },
13818
+ # ],
13819
+ # },
13820
+ # },
13821
+ # challenge: {
13822
+ # custom_request_handling: {
13823
+ # insert_headers: [ # required
13824
+ # {
13825
+ # name: "CustomHTTPHeaderName", # required
13826
+ # value: "CustomHTTPHeaderValue", # required
13827
+ # },
13828
+ # ],
13829
+ # },
13830
+ # },
13831
+ # },
12020
13832
  # },
12021
13833
  # ],
12022
13834
  # },
@@ -12338,6 +14150,65 @@ module Aws::WAFV2
12338
14150
  # name: "EntityName", # required
12339
14151
  # },
12340
14152
  # ],
14153
+ # rule_action_overrides: [
14154
+ # {
14155
+ # name: "EntityName", # required
14156
+ # action_to_use: { # required
14157
+ # block: {
14158
+ # custom_response: {
14159
+ # response_code: 1, # required
14160
+ # custom_response_body_key: "EntityName",
14161
+ # response_headers: [
14162
+ # {
14163
+ # name: "CustomHTTPHeaderName", # required
14164
+ # value: "CustomHTTPHeaderValue", # required
14165
+ # },
14166
+ # ],
14167
+ # },
14168
+ # },
14169
+ # allow: {
14170
+ # custom_request_handling: {
14171
+ # insert_headers: [ # required
14172
+ # {
14173
+ # name: "CustomHTTPHeaderName", # required
14174
+ # value: "CustomHTTPHeaderValue", # required
14175
+ # },
14176
+ # ],
14177
+ # },
14178
+ # },
14179
+ # count: {
14180
+ # custom_request_handling: {
14181
+ # insert_headers: [ # required
14182
+ # {
14183
+ # name: "CustomHTTPHeaderName", # required
14184
+ # value: "CustomHTTPHeaderValue", # required
14185
+ # },
14186
+ # ],
14187
+ # },
14188
+ # },
14189
+ # captcha: {
14190
+ # custom_request_handling: {
14191
+ # insert_headers: [ # required
14192
+ # {
14193
+ # name: "CustomHTTPHeaderName", # required
14194
+ # value: "CustomHTTPHeaderValue", # required
14195
+ # },
14196
+ # ],
14197
+ # },
14198
+ # },
14199
+ # challenge: {
14200
+ # custom_request_handling: {
14201
+ # insert_headers: [ # required
14202
+ # {
14203
+ # name: "CustomHTTPHeaderName", # required
14204
+ # value: "CustomHTTPHeaderValue", # required
14205
+ # },
14206
+ # ],
14207
+ # },
14208
+ # },
14209
+ # },
14210
+ # },
14211
+ # ],
12341
14212
  # },
12342
14213
  # ip_set_reference_statement: {
12343
14214
  # arn: "ResourceArn", # required
@@ -12451,6 +14322,68 @@ module Aws::WAFV2
12451
14322
  # password_field: {
12452
14323
  # identifier: "FieldIdentifier", # required
12453
14324
  # },
14325
+ # aws_managed_rules_bot_control_rule_set: {
14326
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
14327
+ # },
14328
+ # },
14329
+ # ],
14330
+ # rule_action_overrides: [
14331
+ # {
14332
+ # name: "EntityName", # required
14333
+ # action_to_use: { # required
14334
+ # block: {
14335
+ # custom_response: {
14336
+ # response_code: 1, # required
14337
+ # custom_response_body_key: "EntityName",
14338
+ # response_headers: [
14339
+ # {
14340
+ # name: "CustomHTTPHeaderName", # required
14341
+ # value: "CustomHTTPHeaderValue", # required
14342
+ # },
14343
+ # ],
14344
+ # },
14345
+ # },
14346
+ # allow: {
14347
+ # custom_request_handling: {
14348
+ # insert_headers: [ # required
14349
+ # {
14350
+ # name: "CustomHTTPHeaderName", # required
14351
+ # value: "CustomHTTPHeaderValue", # required
14352
+ # },
14353
+ # ],
14354
+ # },
14355
+ # },
14356
+ # count: {
14357
+ # custom_request_handling: {
14358
+ # insert_headers: [ # required
14359
+ # {
14360
+ # name: "CustomHTTPHeaderName", # required
14361
+ # value: "CustomHTTPHeaderValue", # required
14362
+ # },
14363
+ # ],
14364
+ # },
14365
+ # },
14366
+ # captcha: {
14367
+ # custom_request_handling: {
14368
+ # insert_headers: [ # required
14369
+ # {
14370
+ # name: "CustomHTTPHeaderName", # required
14371
+ # value: "CustomHTTPHeaderValue", # required
14372
+ # },
14373
+ # ],
14374
+ # },
14375
+ # },
14376
+ # challenge: {
14377
+ # custom_request_handling: {
14378
+ # insert_headers: [ # required
14379
+ # {
14380
+ # name: "CustomHTTPHeaderName", # required
14381
+ # value: "CustomHTTPHeaderValue", # required
14382
+ # },
14383
+ # ],
14384
+ # },
14385
+ # },
14386
+ # },
12454
14387
  # },
12455
14388
  # ],
12456
14389
  # },
@@ -12769,6 +14702,65 @@ module Aws::WAFV2
12769
14702
  # name: "EntityName", # required
12770
14703
  # },
12771
14704
  # ],
14705
+ # rule_action_overrides: [
14706
+ # {
14707
+ # name: "EntityName", # required
14708
+ # action_to_use: { # required
14709
+ # block: {
14710
+ # custom_response: {
14711
+ # response_code: 1, # required
14712
+ # custom_response_body_key: "EntityName",
14713
+ # response_headers: [
14714
+ # {
14715
+ # name: "CustomHTTPHeaderName", # required
14716
+ # value: "CustomHTTPHeaderValue", # required
14717
+ # },
14718
+ # ],
14719
+ # },
14720
+ # },
14721
+ # allow: {
14722
+ # custom_request_handling: {
14723
+ # insert_headers: [ # required
14724
+ # {
14725
+ # name: "CustomHTTPHeaderName", # required
14726
+ # value: "CustomHTTPHeaderValue", # required
14727
+ # },
14728
+ # ],
14729
+ # },
14730
+ # },
14731
+ # count: {
14732
+ # custom_request_handling: {
14733
+ # insert_headers: [ # required
14734
+ # {
14735
+ # name: "CustomHTTPHeaderName", # required
14736
+ # value: "CustomHTTPHeaderValue", # required
14737
+ # },
14738
+ # ],
14739
+ # },
14740
+ # },
14741
+ # captcha: {
14742
+ # custom_request_handling: {
14743
+ # insert_headers: [ # required
14744
+ # {
14745
+ # name: "CustomHTTPHeaderName", # required
14746
+ # value: "CustomHTTPHeaderValue", # required
14747
+ # },
14748
+ # ],
14749
+ # },
14750
+ # },
14751
+ # challenge: {
14752
+ # custom_request_handling: {
14753
+ # insert_headers: [ # required
14754
+ # {
14755
+ # name: "CustomHTTPHeaderName", # required
14756
+ # value: "CustomHTTPHeaderValue", # required
14757
+ # },
14758
+ # ],
14759
+ # },
14760
+ # },
14761
+ # },
14762
+ # },
14763
+ # ],
12772
14764
  # },
12773
14765
  # ip_set_reference_statement: {
12774
14766
  # arn: "ResourceArn", # required
@@ -12882,6 +14874,68 @@ module Aws::WAFV2
12882
14874
  # password_field: {
12883
14875
  # identifier: "FieldIdentifier", # required
12884
14876
  # },
14877
+ # aws_managed_rules_bot_control_rule_set: {
14878
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
14879
+ # },
14880
+ # },
14881
+ # ],
14882
+ # rule_action_overrides: [
14883
+ # {
14884
+ # name: "EntityName", # required
14885
+ # action_to_use: { # required
14886
+ # block: {
14887
+ # custom_response: {
14888
+ # response_code: 1, # required
14889
+ # custom_response_body_key: "EntityName",
14890
+ # response_headers: [
14891
+ # {
14892
+ # name: "CustomHTTPHeaderName", # required
14893
+ # value: "CustomHTTPHeaderValue", # required
14894
+ # },
14895
+ # ],
14896
+ # },
14897
+ # },
14898
+ # allow: {
14899
+ # custom_request_handling: {
14900
+ # insert_headers: [ # required
14901
+ # {
14902
+ # name: "CustomHTTPHeaderName", # required
14903
+ # value: "CustomHTTPHeaderValue", # required
14904
+ # },
14905
+ # ],
14906
+ # },
14907
+ # },
14908
+ # count: {
14909
+ # custom_request_handling: {
14910
+ # insert_headers: [ # required
14911
+ # {
14912
+ # name: "CustomHTTPHeaderName", # required
14913
+ # value: "CustomHTTPHeaderValue", # required
14914
+ # },
14915
+ # ],
14916
+ # },
14917
+ # },
14918
+ # captcha: {
14919
+ # custom_request_handling: {
14920
+ # insert_headers: [ # required
14921
+ # {
14922
+ # name: "CustomHTTPHeaderName", # required
14923
+ # value: "CustomHTTPHeaderValue", # required
14924
+ # },
14925
+ # ],
14926
+ # },
14927
+ # },
14928
+ # challenge: {
14929
+ # custom_request_handling: {
14930
+ # insert_headers: [ # required
14931
+ # {
14932
+ # name: "CustomHTTPHeaderName", # required
14933
+ # value: "CustomHTTPHeaderValue", # required
14934
+ # },
14935
+ # ],
14936
+ # },
14937
+ # },
14938
+ # },
12885
14939
  # },
12886
14940
  # ],
12887
14941
  # },
@@ -13199,6 +15253,65 @@ module Aws::WAFV2
13199
15253
  # name: "EntityName", # required
13200
15254
  # },
13201
15255
  # ],
15256
+ # rule_action_overrides: [
15257
+ # {
15258
+ # name: "EntityName", # required
15259
+ # action_to_use: { # required
15260
+ # block: {
15261
+ # custom_response: {
15262
+ # response_code: 1, # required
15263
+ # custom_response_body_key: "EntityName",
15264
+ # response_headers: [
15265
+ # {
15266
+ # name: "CustomHTTPHeaderName", # required
15267
+ # value: "CustomHTTPHeaderValue", # required
15268
+ # },
15269
+ # ],
15270
+ # },
15271
+ # },
15272
+ # allow: {
15273
+ # custom_request_handling: {
15274
+ # insert_headers: [ # required
15275
+ # {
15276
+ # name: "CustomHTTPHeaderName", # required
15277
+ # value: "CustomHTTPHeaderValue", # required
15278
+ # },
15279
+ # ],
15280
+ # },
15281
+ # },
15282
+ # count: {
15283
+ # custom_request_handling: {
15284
+ # insert_headers: [ # required
15285
+ # {
15286
+ # name: "CustomHTTPHeaderName", # required
15287
+ # value: "CustomHTTPHeaderValue", # required
15288
+ # },
15289
+ # ],
15290
+ # },
15291
+ # },
15292
+ # captcha: {
15293
+ # custom_request_handling: {
15294
+ # insert_headers: [ # required
15295
+ # {
15296
+ # name: "CustomHTTPHeaderName", # required
15297
+ # value: "CustomHTTPHeaderValue", # required
15298
+ # },
15299
+ # ],
15300
+ # },
15301
+ # },
15302
+ # challenge: {
15303
+ # custom_request_handling: {
15304
+ # insert_headers: [ # required
15305
+ # {
15306
+ # name: "CustomHTTPHeaderName", # required
15307
+ # value: "CustomHTTPHeaderValue", # required
15308
+ # },
15309
+ # ],
15310
+ # },
15311
+ # },
15312
+ # },
15313
+ # },
15314
+ # ],
13202
15315
  # },
13203
15316
  # ip_set_reference_statement: {
13204
15317
  # arn: "ResourceArn", # required
@@ -13316,6 +15429,68 @@ module Aws::WAFV2
13316
15429
  # password_field: {
13317
15430
  # identifier: "FieldIdentifier", # required
13318
15431
  # },
15432
+ # aws_managed_rules_bot_control_rule_set: {
15433
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
15434
+ # },
15435
+ # },
15436
+ # ],
15437
+ # rule_action_overrides: [
15438
+ # {
15439
+ # name: "EntityName", # required
15440
+ # action_to_use: { # required
15441
+ # block: {
15442
+ # custom_response: {
15443
+ # response_code: 1, # required
15444
+ # custom_response_body_key: "EntityName",
15445
+ # response_headers: [
15446
+ # {
15447
+ # name: "CustomHTTPHeaderName", # required
15448
+ # value: "CustomHTTPHeaderValue", # required
15449
+ # },
15450
+ # ],
15451
+ # },
15452
+ # },
15453
+ # allow: {
15454
+ # custom_request_handling: {
15455
+ # insert_headers: [ # required
15456
+ # {
15457
+ # name: "CustomHTTPHeaderName", # required
15458
+ # value: "CustomHTTPHeaderValue", # required
15459
+ # },
15460
+ # ],
15461
+ # },
15462
+ # },
15463
+ # count: {
15464
+ # custom_request_handling: {
15465
+ # insert_headers: [ # required
15466
+ # {
15467
+ # name: "CustomHTTPHeaderName", # required
15468
+ # value: "CustomHTTPHeaderValue", # required
15469
+ # },
15470
+ # ],
15471
+ # },
15472
+ # },
15473
+ # captcha: {
15474
+ # custom_request_handling: {
15475
+ # insert_headers: [ # required
15476
+ # {
15477
+ # name: "CustomHTTPHeaderName", # required
15478
+ # value: "CustomHTTPHeaderValue", # required
15479
+ # },
15480
+ # ],
15481
+ # },
15482
+ # },
15483
+ # challenge: {
15484
+ # custom_request_handling: {
15485
+ # insert_headers: [ # required
15486
+ # {
15487
+ # name: "CustomHTTPHeaderName", # required
15488
+ # value: "CustomHTTPHeaderValue", # required
15489
+ # },
15490
+ # ],
15491
+ # },
15492
+ # },
15493
+ # },
13319
15494
  # },
13320
15495
  # ],
13321
15496
  # },
@@ -13640,6 +15815,65 @@ module Aws::WAFV2
13640
15815
  # name: "EntityName", # required
13641
15816
  # },
13642
15817
  # ],
15818
+ # rule_action_overrides: [
15819
+ # {
15820
+ # name: "EntityName", # required
15821
+ # action_to_use: { # required
15822
+ # block: {
15823
+ # custom_response: {
15824
+ # response_code: 1, # required
15825
+ # custom_response_body_key: "EntityName",
15826
+ # response_headers: [
15827
+ # {
15828
+ # name: "CustomHTTPHeaderName", # required
15829
+ # value: "CustomHTTPHeaderValue", # required
15830
+ # },
15831
+ # ],
15832
+ # },
15833
+ # },
15834
+ # allow: {
15835
+ # custom_request_handling: {
15836
+ # insert_headers: [ # required
15837
+ # {
15838
+ # name: "CustomHTTPHeaderName", # required
15839
+ # value: "CustomHTTPHeaderValue", # required
15840
+ # },
15841
+ # ],
15842
+ # },
15843
+ # },
15844
+ # count: {
15845
+ # custom_request_handling: {
15846
+ # insert_headers: [ # required
15847
+ # {
15848
+ # name: "CustomHTTPHeaderName", # required
15849
+ # value: "CustomHTTPHeaderValue", # required
15850
+ # },
15851
+ # ],
15852
+ # },
15853
+ # },
15854
+ # captcha: {
15855
+ # custom_request_handling: {
15856
+ # insert_headers: [ # required
15857
+ # {
15858
+ # name: "CustomHTTPHeaderName", # required
15859
+ # value: "CustomHTTPHeaderValue", # required
15860
+ # },
15861
+ # ],
15862
+ # },
15863
+ # },
15864
+ # challenge: {
15865
+ # custom_request_handling: {
15866
+ # insert_headers: [ # required
15867
+ # {
15868
+ # name: "CustomHTTPHeaderName", # required
15869
+ # value: "CustomHTTPHeaderValue", # required
15870
+ # },
15871
+ # ],
15872
+ # },
15873
+ # },
15874
+ # },
15875
+ # },
15876
+ # ],
13643
15877
  # },
13644
15878
  # ip_set_reference_statement: {
13645
15879
  # arn: "ResourceArn", # required
@@ -13813,6 +16047,68 @@ module Aws::WAFV2
13813
16047
  # password_field: {
13814
16048
  # identifier: "FieldIdentifier", # required
13815
16049
  # },
16050
+ # aws_managed_rules_bot_control_rule_set: {
16051
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
16052
+ # },
16053
+ # },
16054
+ # ],
16055
+ # rule_action_overrides: [
16056
+ # {
16057
+ # name: "EntityName", # required
16058
+ # action_to_use: { # required
16059
+ # block: {
16060
+ # custom_response: {
16061
+ # response_code: 1, # required
16062
+ # custom_response_body_key: "EntityName",
16063
+ # response_headers: [
16064
+ # {
16065
+ # name: "CustomHTTPHeaderName", # required
16066
+ # value: "CustomHTTPHeaderValue", # required
16067
+ # },
16068
+ # ],
16069
+ # },
16070
+ # },
16071
+ # allow: {
16072
+ # custom_request_handling: {
16073
+ # insert_headers: [ # required
16074
+ # {
16075
+ # name: "CustomHTTPHeaderName", # required
16076
+ # value: "CustomHTTPHeaderValue", # required
16077
+ # },
16078
+ # ],
16079
+ # },
16080
+ # },
16081
+ # count: {
16082
+ # custom_request_handling: {
16083
+ # insert_headers: [ # required
16084
+ # {
16085
+ # name: "CustomHTTPHeaderName", # required
16086
+ # value: "CustomHTTPHeaderValue", # required
16087
+ # },
16088
+ # ],
16089
+ # },
16090
+ # },
16091
+ # captcha: {
16092
+ # custom_request_handling: {
16093
+ # insert_headers: [ # required
16094
+ # {
16095
+ # name: "CustomHTTPHeaderName", # required
16096
+ # value: "CustomHTTPHeaderValue", # required
16097
+ # },
16098
+ # ],
16099
+ # },
16100
+ # },
16101
+ # challenge: {
16102
+ # custom_request_handling: {
16103
+ # insert_headers: [ # required
16104
+ # {
16105
+ # name: "CustomHTTPHeaderName", # required
16106
+ # value: "CustomHTTPHeaderValue", # required
16107
+ # },
16108
+ # ],
16109
+ # },
16110
+ # },
16111
+ # },
13816
16112
  # },
13817
16113
  # ],
13818
16114
  # },
@@ -15020,6 +17316,65 @@ module Aws::WAFV2
15020
17316
  # name: "EntityName", # required
15021
17317
  # },
15022
17318
  # ],
17319
+ # rule_action_overrides: [
17320
+ # {
17321
+ # name: "EntityName", # required
17322
+ # action_to_use: { # required
17323
+ # block: {
17324
+ # custom_response: {
17325
+ # response_code: 1, # required
17326
+ # custom_response_body_key: "EntityName",
17327
+ # response_headers: [
17328
+ # {
17329
+ # name: "CustomHTTPHeaderName", # required
17330
+ # value: "CustomHTTPHeaderValue", # required
17331
+ # },
17332
+ # ],
17333
+ # },
17334
+ # },
17335
+ # allow: {
17336
+ # custom_request_handling: {
17337
+ # insert_headers: [ # required
17338
+ # {
17339
+ # name: "CustomHTTPHeaderName", # required
17340
+ # value: "CustomHTTPHeaderValue", # required
17341
+ # },
17342
+ # ],
17343
+ # },
17344
+ # },
17345
+ # count: {
17346
+ # custom_request_handling: {
17347
+ # insert_headers: [ # required
17348
+ # {
17349
+ # name: "CustomHTTPHeaderName", # required
17350
+ # value: "CustomHTTPHeaderValue", # required
17351
+ # },
17352
+ # ],
17353
+ # },
17354
+ # },
17355
+ # captcha: {
17356
+ # custom_request_handling: {
17357
+ # insert_headers: [ # required
17358
+ # {
17359
+ # name: "CustomHTTPHeaderName", # required
17360
+ # value: "CustomHTTPHeaderValue", # required
17361
+ # },
17362
+ # ],
17363
+ # },
17364
+ # },
17365
+ # challenge: {
17366
+ # custom_request_handling: {
17367
+ # insert_headers: [ # required
17368
+ # {
17369
+ # name: "CustomHTTPHeaderName", # required
17370
+ # value: "CustomHTTPHeaderValue", # required
17371
+ # },
17372
+ # ],
17373
+ # },
17374
+ # },
17375
+ # },
17376
+ # },
17377
+ # ],
15023
17378
  # },
15024
17379
  # ip_set_reference_statement: {
15025
17380
  # arn: "ResourceArn", # required
@@ -15139,6 +17494,68 @@ module Aws::WAFV2
15139
17494
  # password_field: {
15140
17495
  # identifier: "FieldIdentifier", # required
15141
17496
  # },
17497
+ # aws_managed_rules_bot_control_rule_set: {
17498
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
17499
+ # },
17500
+ # },
17501
+ # ],
17502
+ # rule_action_overrides: [
17503
+ # {
17504
+ # name: "EntityName", # required
17505
+ # action_to_use: { # required
17506
+ # block: {
17507
+ # custom_response: {
17508
+ # response_code: 1, # required
17509
+ # custom_response_body_key: "EntityName",
17510
+ # response_headers: [
17511
+ # {
17512
+ # name: "CustomHTTPHeaderName", # required
17513
+ # value: "CustomHTTPHeaderValue", # required
17514
+ # },
17515
+ # ],
17516
+ # },
17517
+ # },
17518
+ # allow: {
17519
+ # custom_request_handling: {
17520
+ # insert_headers: [ # required
17521
+ # {
17522
+ # name: "CustomHTTPHeaderName", # required
17523
+ # value: "CustomHTTPHeaderValue", # required
17524
+ # },
17525
+ # ],
17526
+ # },
17527
+ # },
17528
+ # count: {
17529
+ # custom_request_handling: {
17530
+ # insert_headers: [ # required
17531
+ # {
17532
+ # name: "CustomHTTPHeaderName", # required
17533
+ # value: "CustomHTTPHeaderValue", # required
17534
+ # },
17535
+ # ],
17536
+ # },
17537
+ # },
17538
+ # captcha: {
17539
+ # custom_request_handling: {
17540
+ # insert_headers: [ # required
17541
+ # {
17542
+ # name: "CustomHTTPHeaderName", # required
17543
+ # value: "CustomHTTPHeaderValue", # required
17544
+ # },
17545
+ # ],
17546
+ # },
17547
+ # },
17548
+ # challenge: {
17549
+ # custom_request_handling: {
17550
+ # insert_headers: [ # required
17551
+ # {
17552
+ # name: "CustomHTTPHeaderName", # required
17553
+ # value: "CustomHTTPHeaderValue", # required
17554
+ # },
17555
+ # ],
17556
+ # },
17557
+ # },
17558
+ # },
15142
17559
  # },
15143
17560
  # ],
15144
17561
  # },
@@ -15248,6 +17665,16 @@ module Aws::WAFV2
15248
17665
  # ],
15249
17666
  # },
15250
17667
  # },
17668
+ # challenge: {
17669
+ # custom_request_handling: {
17670
+ # insert_headers: [ # required
17671
+ # {
17672
+ # name: "CustomHTTPHeaderName", # required
17673
+ # value: "CustomHTTPHeaderValue", # required
17674
+ # },
17675
+ # ],
17676
+ # },
17677
+ # },
15251
17678
  # },
15252
17679
  # override_action: {
15253
17680
  # count: {
@@ -15278,6 +17705,11 @@ module Aws::WAFV2
15278
17705
  # immunity_time: 1, # required
15279
17706
  # },
15280
17707
  # },
17708
+ # challenge_config: {
17709
+ # immunity_time_property: {
17710
+ # immunity_time: 1, # required
17711
+ # },
17712
+ # },
15281
17713
  # },
15282
17714
  # ],
15283
17715
  # visibility_config: { # required
@@ -15682,6 +18114,65 @@ module Aws::WAFV2
15682
18114
  # name: "EntityName", # required
15683
18115
  # },
15684
18116
  # ],
18117
+ # rule_action_overrides: [
18118
+ # {
18119
+ # name: "EntityName", # required
18120
+ # action_to_use: { # required
18121
+ # block: {
18122
+ # custom_response: {
18123
+ # response_code: 1, # required
18124
+ # custom_response_body_key: "EntityName",
18125
+ # response_headers: [
18126
+ # {
18127
+ # name: "CustomHTTPHeaderName", # required
18128
+ # value: "CustomHTTPHeaderValue", # required
18129
+ # },
18130
+ # ],
18131
+ # },
18132
+ # },
18133
+ # allow: {
18134
+ # custom_request_handling: {
18135
+ # insert_headers: [ # required
18136
+ # {
18137
+ # name: "CustomHTTPHeaderName", # required
18138
+ # value: "CustomHTTPHeaderValue", # required
18139
+ # },
18140
+ # ],
18141
+ # },
18142
+ # },
18143
+ # count: {
18144
+ # custom_request_handling: {
18145
+ # insert_headers: [ # required
18146
+ # {
18147
+ # name: "CustomHTTPHeaderName", # required
18148
+ # value: "CustomHTTPHeaderValue", # required
18149
+ # },
18150
+ # ],
18151
+ # },
18152
+ # },
18153
+ # captcha: {
18154
+ # custom_request_handling: {
18155
+ # insert_headers: [ # required
18156
+ # {
18157
+ # name: "CustomHTTPHeaderName", # required
18158
+ # value: "CustomHTTPHeaderValue", # required
18159
+ # },
18160
+ # ],
18161
+ # },
18162
+ # },
18163
+ # challenge: {
18164
+ # custom_request_handling: {
18165
+ # insert_headers: [ # required
18166
+ # {
18167
+ # name: "CustomHTTPHeaderName", # required
18168
+ # value: "CustomHTTPHeaderValue", # required
18169
+ # },
18170
+ # ],
18171
+ # },
18172
+ # },
18173
+ # },
18174
+ # },
18175
+ # ],
15685
18176
  # },
15686
18177
  # ip_set_reference_statement: {
15687
18178
  # arn: "ResourceArn", # required
@@ -15801,6 +18292,68 @@ module Aws::WAFV2
15801
18292
  # password_field: {
15802
18293
  # identifier: "FieldIdentifier", # required
15803
18294
  # },
18295
+ # aws_managed_rules_bot_control_rule_set: {
18296
+ # inspection_level: "COMMON", # required, accepts COMMON, TARGETED
18297
+ # },
18298
+ # },
18299
+ # ],
18300
+ # rule_action_overrides: [
18301
+ # {
18302
+ # name: "EntityName", # required
18303
+ # action_to_use: { # required
18304
+ # block: {
18305
+ # custom_response: {
18306
+ # response_code: 1, # required
18307
+ # custom_response_body_key: "EntityName",
18308
+ # response_headers: [
18309
+ # {
18310
+ # name: "CustomHTTPHeaderName", # required
18311
+ # value: "CustomHTTPHeaderValue", # required
18312
+ # },
18313
+ # ],
18314
+ # },
18315
+ # },
18316
+ # allow: {
18317
+ # custom_request_handling: {
18318
+ # insert_headers: [ # required
18319
+ # {
18320
+ # name: "CustomHTTPHeaderName", # required
18321
+ # value: "CustomHTTPHeaderValue", # required
18322
+ # },
18323
+ # ],
18324
+ # },
18325
+ # },
18326
+ # count: {
18327
+ # custom_request_handling: {
18328
+ # insert_headers: [ # required
18329
+ # {
18330
+ # name: "CustomHTTPHeaderName", # required
18331
+ # value: "CustomHTTPHeaderValue", # required
18332
+ # },
18333
+ # ],
18334
+ # },
18335
+ # },
18336
+ # captcha: {
18337
+ # custom_request_handling: {
18338
+ # insert_headers: [ # required
18339
+ # {
18340
+ # name: "CustomHTTPHeaderName", # required
18341
+ # value: "CustomHTTPHeaderValue", # required
18342
+ # },
18343
+ # ],
18344
+ # },
18345
+ # },
18346
+ # challenge: {
18347
+ # custom_request_handling: {
18348
+ # insert_headers: [ # required
18349
+ # {
18350
+ # name: "CustomHTTPHeaderName", # required
18351
+ # value: "CustomHTTPHeaderValue", # required
18352
+ # },
18353
+ # ],
18354
+ # },
18355
+ # },
18356
+ # },
15804
18357
  # },
15805
18358
  # ],
15806
18359
  # },
@@ -15910,6 +18463,16 @@ module Aws::WAFV2
15910
18463
  # ],
15911
18464
  # },
15912
18465
  # },
18466
+ # challenge: {
18467
+ # custom_request_handling: {
18468
+ # insert_headers: [ # required
18469
+ # {
18470
+ # name: "CustomHTTPHeaderName", # required
18471
+ # value: "CustomHTTPHeaderValue", # required
18472
+ # },
18473
+ # ],
18474
+ # },
18475
+ # },
15913
18476
  # },
15914
18477
  # override_action: {
15915
18478
  # count: {
@@ -15940,6 +18503,11 @@ module Aws::WAFV2
15940
18503
  # immunity_time: 1, # required
15941
18504
  # },
15942
18505
  # },
18506
+ # challenge_config: {
18507
+ # immunity_time_property: {
18508
+ # immunity_time: 1, # required
18509
+ # },
18510
+ # },
15943
18511
  # },
15944
18512
  # ],
15945
18513
  # visibility_config: { # required
@@ -15959,6 +18527,12 @@ module Aws::WAFV2
15959
18527
  # immunity_time: 1, # required
15960
18528
  # },
15961
18529
  # },
18530
+ # challenge_config: {
18531
+ # immunity_time_property: {
18532
+ # immunity_time: 1, # required
18533
+ # },
18534
+ # },
18535
+ # token_domains: ["TokenDomain"],
15962
18536
  # }
15963
18537
  #
15964
18538
  # @!attribute [rw] name
@@ -16047,6 +18621,26 @@ module Aws::WAFV2
16047
18621
  # specify this, WAF uses its default settings for `CaptchaConfig`.
16048
18622
  # @return [Types::CaptchaConfig]
16049
18623
  #
18624
+ # @!attribute [rw] challenge_config
18625
+ # Specifies how WAF should handle challenge evaluations for rules that
18626
+ # don't have their own `ChallengeConfig` settings. If you don't
18627
+ # specify this, WAF uses its default settings for `ChallengeConfig`.
18628
+ # @return [Types::ChallengeConfig]
18629
+ #
18630
+ # @!attribute [rw] token_domains
18631
+ # Specifies the domains that WAF should accept in a web request token.
18632
+ # This enables the use of tokens across multiple protected websites.
18633
+ # When WAF provides a token, it uses the domain of the Amazon Web
18634
+ # Services resource that the web ACL is protecting. If you don't
18635
+ # specify a list of token domains, WAF accepts tokens only for the
18636
+ # domain of the protected resource. With a token domain list, WAF
18637
+ # accepts the resource's host domain plus all domains in the token
18638
+ # domain list, including their prefixed subdomains.
18639
+ #
18640
+ # Example JSON: `"TokenDomains": \{ "mywebsite.com",
18641
+ # "myotherwebsite.com" \}`
18642
+ # @return [Array<String>]
18643
+ #
16050
18644
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
16051
18645
  #
16052
18646
  class UpdateWebACLRequest < Struct.new(
@@ -16059,7 +18653,9 @@ module Aws::WAFV2
16059
18653
  :visibility_config,
16060
18654
  :lock_token,
16061
18655
  :custom_response_bodies,
16062
- :captcha_config)
18656
+ :captcha_config,
18657
+ :challenge_config,
18658
+ :token_domains)
16063
18659
  SENSITIVE = []
16064
18660
  include Aws::Structure
16065
18661
  end
@@ -16678,6 +19274,23 @@ module Aws::WAFV2
16678
19274
  # specify this, WAF uses its default settings for `CaptchaConfig`.
16679
19275
  # @return [Types::CaptchaConfig]
16680
19276
  #
19277
+ # @!attribute [rw] challenge_config
19278
+ # Specifies how WAF should handle challenge evaluations for rules that
19279
+ # don't have their own `ChallengeConfig` settings. If you don't
19280
+ # specify this, WAF uses its default settings for `ChallengeConfig`.
19281
+ # @return [Types::ChallengeConfig]
19282
+ #
19283
+ # @!attribute [rw] token_domains
19284
+ # Specifies the domains that WAF should accept in a web request token.
19285
+ # This enables the use of tokens across multiple protected websites.
19286
+ # When WAF provides a token, it uses the domain of the Amazon Web
19287
+ # Services resource that the web ACL is protecting. If you don't
19288
+ # specify a list of token domains, WAF accepts tokens only for the
19289
+ # domain of the protected resource. With a token domain list, WAF
19290
+ # accepts the resource's host domain plus all domains in the token
19291
+ # domain list, including their prefixed subdomains.
19292
+ # @return [Array<String>]
19293
+ #
16681
19294
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
16682
19295
  #
16683
19296
  class WebACL < Struct.new(
@@ -16694,7 +19307,9 @@ module Aws::WAFV2
16694
19307
  :managed_by_firewall_manager,
16695
19308
  :label_namespace,
16696
19309
  :custom_response_bodies,
16697
- :captcha_config)
19310
+ :captcha_config,
19311
+ :challenge_config,
19312
+ :token_domains)
16698
19313
  SENSITIVE = []
16699
19314
  include Aws::Structure
16700
19315
  end