aws-sdk-wafv2 1.47.0 → 1.49.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +315 -1
- data/lib/aws-sdk-wafv2/client_api.rb +76 -4
- data/lib/aws-sdk-wafv2/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-wafv2/endpoint_provider.rb +102 -21
- data/lib/aws-sdk-wafv2/types.rb +449 -17
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -10,7 +10,61 @@
|
|
10
10
|
module Aws::WAFV2
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# Details for your use of the
|
13
|
+
# Details for your use of the account takeover prevention managed rule
|
14
|
+
# group, `AWSManagedRulesATPRuleSet`. This configuration is used in
|
15
|
+
# `ManagedRuleGroupConfig`.
|
16
|
+
#
|
17
|
+
# @!attribute [rw] login_path
|
18
|
+
# The path of the login endpoint for your application. For example,
|
19
|
+
# for the URL `https://example.com/web/login`, you would provide the
|
20
|
+
# path `/web/login`.
|
21
|
+
#
|
22
|
+
# The rule group inspects only HTTP `POST` requests to your specified
|
23
|
+
# login endpoint.
|
24
|
+
# @return [String]
|
25
|
+
#
|
26
|
+
# @!attribute [rw] request_inspection
|
27
|
+
# The criteria for inspecting login requests, used by the ATP rule
|
28
|
+
# group to validate credentials usage.
|
29
|
+
# @return [Types::RequestInspection]
|
30
|
+
#
|
31
|
+
# @!attribute [rw] response_inspection
|
32
|
+
# The criteria for inspecting responses to login requests, used by the
|
33
|
+
# ATP rule group to track login failure rates.
|
34
|
+
#
|
35
|
+
# The ATP rule group evaluates the responses that your protected
|
36
|
+
# resources send back to client login attempts, keeping count of
|
37
|
+
# successful and failed attempts from each IP address and client
|
38
|
+
# session. Using this information, the rule group labels and mitigates
|
39
|
+
# requests from client sessions and IP addresses that submit too many
|
40
|
+
# failed login attempts in a short amount of time.
|
41
|
+
#
|
42
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect
|
43
|
+
# Amazon CloudFront distributions.
|
44
|
+
#
|
45
|
+
# </note>
|
46
|
+
#
|
47
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1,
|
48
|
+
# it's possible to configure response inspection through the APIs,
|
49
|
+
# but ATP response inspection will not be enabled. You can only use
|
50
|
+
# the response inspection capabilities of the ATP managed rule group
|
51
|
+
# in web ACLs that protect CloudFront distributions.
|
52
|
+
#
|
53
|
+
# </note>
|
54
|
+
# @return [Types::ResponseInspection]
|
55
|
+
#
|
56
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesATPRuleSet AWS API Documentation
|
57
|
+
#
|
58
|
+
class AWSManagedRulesATPRuleSet < Struct.new(
|
59
|
+
:login_path,
|
60
|
+
:request_inspection,
|
61
|
+
:response_inspection)
|
62
|
+
SENSITIVE = []
|
63
|
+
include Aws::Structure
|
64
|
+
end
|
65
|
+
|
66
|
+
# Details for your use of the Bot Control managed rule group,
|
67
|
+
# `AWSManagedRulesBotControlRuleSet`. This configuration is used in
|
14
68
|
# `ManagedRuleGroupConfig`.
|
15
69
|
#
|
16
70
|
# @!attribute [rw] inspection_level
|
@@ -239,7 +293,7 @@ module Aws::WAFV2
|
|
239
293
|
# @!attribute [rw] search_string
|
240
294
|
# A string value that you want WAF to search for. WAF searches only in
|
241
295
|
# the part of web requests that you designate for inspection in
|
242
|
-
# FieldToMatch. The maximum length of the value is
|
296
|
+
# FieldToMatch. The maximum length of the value is 200 bytes.
|
243
297
|
#
|
244
298
|
# Valid values depend on the component that you specify for inspection
|
245
299
|
# in `FieldToMatch`\:
|
@@ -256,7 +310,7 @@ module Aws::WAFV2
|
|
256
310
|
# **If you're using the WAF API**
|
257
311
|
#
|
258
312
|
# Specify a base64-encoded version of the value. The maximum length of
|
259
|
-
# the value before you base64-encode it is
|
313
|
+
# the value before you base64-encode it is 200 bytes.
|
260
314
|
#
|
261
315
|
# For example, suppose the value of `Type` is `HEADER` and the value
|
262
316
|
# of `Data` is `User-Agent`. If you want to search the `User-Agent`
|
@@ -4209,6 +4263,11 @@ module Aws::WAFV2
|
|
4209
4263
|
# Additional information that's used by a managed rule group. Many
|
4210
4264
|
# managed rule groups don't require this.
|
4211
4265
|
#
|
4266
|
+
# Use the `AWSManagedRulesATPRuleSet` configuration object for the
|
4267
|
+
# account takeover prevention managed rule group, to provide information
|
4268
|
+
# such as the sign-in page of your application and the type of content
|
4269
|
+
# to accept or reject from the client.
|
4270
|
+
#
|
4212
4271
|
# Use the `AWSManagedRulesBotControlRuleSet` configuration object to
|
4213
4272
|
# configure the protection level that you want the Bot Control rule
|
4214
4273
|
# group to use.
|
@@ -4216,22 +4275,31 @@ module Aws::WAFV2
|
|
4216
4275
|
# For example specifications, see the examples section of CreateWebACL.
|
4217
4276
|
#
|
4218
4277
|
# @!attribute [rw] login_path
|
4219
|
-
#
|
4220
|
-
#
|
4221
|
-
#
|
4278
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4279
|
+
# `AWSManagedRulesATPRuleSet`.
|
4280
|
+
#
|
4281
|
+
# </note>
|
4222
4282
|
# @return [String]
|
4223
4283
|
#
|
4224
4284
|
# @!attribute [rw] payload_type
|
4225
|
-
#
|
4226
|
-
#
|
4285
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4286
|
+
# `AWSManagedRulesATPRuleSet` `RequestInspection`.
|
4287
|
+
#
|
4288
|
+
# </note>
|
4227
4289
|
# @return [String]
|
4228
4290
|
#
|
4229
4291
|
# @!attribute [rw] username_field
|
4230
|
-
#
|
4292
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4293
|
+
# `AWSManagedRulesATPRuleSet` `RequestInspection`.
|
4294
|
+
#
|
4295
|
+
# </note>
|
4231
4296
|
# @return [Types::UsernameField]
|
4232
4297
|
#
|
4233
4298
|
# @!attribute [rw] password_field
|
4234
|
-
#
|
4299
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4300
|
+
# `AWSManagedRulesATPRuleSet` `RequestInspection`.
|
4301
|
+
#
|
4302
|
+
# </note>
|
4235
4303
|
# @return [Types::PasswordField]
|
4236
4304
|
#
|
4237
4305
|
# @!attribute [rw] aws_managed_rules_bot_control_rule_set
|
@@ -4247,6 +4315,36 @@ module Aws::WAFV2
|
|
4247
4315
|
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html
|
4248
4316
|
# @return [Types::AWSManagedRulesBotControlRuleSet]
|
4249
4317
|
#
|
4318
|
+
# @!attribute [rw] aws_managed_rules_atp_rule_set
|
4319
|
+
# Additional configuration for using the account takeover prevention
|
4320
|
+
# (ATP) managed rule group, `AWSManagedRulesATPRuleSet`. Use this to
|
4321
|
+
# provide login request information to the rule group. For web ACLs
|
4322
|
+
# that protect CloudFront distributions, use this to also provide the
|
4323
|
+
# information about how your distribution responds to login requests.
|
4324
|
+
#
|
4325
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1,
|
4326
|
+
# it's possible to configure response inspection through the APIs,
|
4327
|
+
# but ATP response inspection will not be enabled. You can only use
|
4328
|
+
# the response inspection capabilities of the ATP managed rule group
|
4329
|
+
# in web ACLs that protect CloudFront distributions.
|
4330
|
+
#
|
4331
|
+
# </note>
|
4332
|
+
#
|
4333
|
+
# This configuration replaces the individual configuration fields in
|
4334
|
+
# `ManagedRuleGroupConfig` and provides additional feature
|
4335
|
+
# configuration.
|
4336
|
+
#
|
4337
|
+
# For information about using the ATP managed rule group, see [WAF
|
4338
|
+
# Fraud Control account takeover prevention (ATP) rule group][1] and
|
4339
|
+
# [WAF Fraud Control account takeover prevention (ATP)][2] in the *WAF
|
4340
|
+
# Developer Guide*.
|
4341
|
+
#
|
4342
|
+
#
|
4343
|
+
#
|
4344
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html
|
4345
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html
|
4346
|
+
# @return [Types::AWSManagedRulesATPRuleSet]
|
4347
|
+
#
|
4250
4348
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupConfig AWS API Documentation
|
4251
4349
|
#
|
4252
4350
|
class ManagedRuleGroupConfig < Struct.new(
|
@@ -4254,7 +4352,8 @@ module Aws::WAFV2
|
|
4254
4352
|
:payload_type,
|
4255
4353
|
:username_field,
|
4256
4354
|
:password_field,
|
4257
|
-
:aws_managed_rules_bot_control_rule_set
|
4355
|
+
:aws_managed_rules_bot_control_rule_set,
|
4356
|
+
:aws_managed_rules_atp_rule_set)
|
4258
4357
|
SENSITIVE = []
|
4259
4358
|
include Aws::Structure
|
4260
4359
|
end
|
@@ -4320,6 +4419,11 @@ module Aws::WAFV2
|
|
4320
4419
|
# Additional information that's used by a managed rule group. Many
|
4321
4420
|
# managed rule groups don't require this.
|
4322
4421
|
#
|
4422
|
+
# Use the `AWSManagedRulesATPRuleSet` configuration object for the
|
4423
|
+
# account takeover prevention managed rule group, to provide
|
4424
|
+
# information such as the sign-in page of your application and the
|
4425
|
+
# type of content to accept or reject from the client.
|
4426
|
+
#
|
4323
4427
|
# Use the `AWSManagedRulesBotControlRuleSet` configuration object to
|
4324
4428
|
# configure the protection level that you want the Bot Control rule
|
4325
4429
|
# group to use.
|
@@ -4785,8 +4889,9 @@ module Aws::WAFV2
|
|
4785
4889
|
include Aws::Structure
|
4786
4890
|
end
|
4787
4891
|
|
4788
|
-
# Details about your login page password field
|
4789
|
-
# `
|
4892
|
+
# Details about your login page password field for request inspection,
|
4893
|
+
# used in the `AWSManagedRulesATPRuleSet` `RequestInspection`
|
4894
|
+
# configuration.
|
4790
4895
|
#
|
4791
4896
|
# @!attribute [rw] identifier
|
4792
4897
|
# The name of the password field. For example `/form/password`.
|
@@ -4990,7 +5095,7 @@ module Aws::WAFV2
|
|
4990
5095
|
# rate-based rule with a nested AND rule statement that contains the
|
4991
5096
|
# following nested statements:
|
4992
5097
|
#
|
4993
|
-
# * An IP match statement with an IP set that
|
5098
|
+
# * An IP match statement with an IP set that specifies the address
|
4994
5099
|
# 192.0.2.44.
|
4995
5100
|
#
|
4996
5101
|
# * A string match statement that searches in the User-Agent header for
|
@@ -5272,6 +5377,332 @@ module Aws::WAFV2
|
|
5272
5377
|
include Aws::Structure
|
5273
5378
|
end
|
5274
5379
|
|
5380
|
+
# The criteria for inspecting login requests, used by the ATP rule group
|
5381
|
+
# to validate credentials usage.
|
5382
|
+
#
|
5383
|
+
# This is part of the `AWSManagedRulesATPRuleSet` configuration in
|
5384
|
+
# `ManagedRuleGroupConfig`.
|
5385
|
+
#
|
5386
|
+
# In these settings, you specify how your application accepts login
|
5387
|
+
# attempts by providing the request payload type and the names of the
|
5388
|
+
# fields within the request body where the username and password are
|
5389
|
+
# provided.
|
5390
|
+
#
|
5391
|
+
# @!attribute [rw] payload_type
|
5392
|
+
# The payload type for your login endpoint, either JSON or form
|
5393
|
+
# encoded.
|
5394
|
+
# @return [String]
|
5395
|
+
#
|
5396
|
+
# @!attribute [rw] username_field
|
5397
|
+
# Details about your login page username field.
|
5398
|
+
#
|
5399
|
+
# How you specify this depends on the payload type.
|
5400
|
+
#
|
5401
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
5402
|
+
# For information about the JSON Pointer syntax, see the Internet
|
5403
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
5404
|
+
# Notation (JSON) Pointer][1].
|
5405
|
+
#
|
5406
|
+
# For example, for the JSON payload `\{ "login": \{ "username":
|
5407
|
+
# "THE_USERNAME", "password": "THE_PASSWORD" \} \}`, the username
|
5408
|
+
# field specification is `/login/username` and the password field
|
5409
|
+
# specification is `/login/password`.
|
5410
|
+
#
|
5411
|
+
# * For form encoded payload types, use the HTML form names.
|
5412
|
+
#
|
5413
|
+
# For example, for an HTML form with input elements named
|
5414
|
+
# `username1` and `password1`, the username field specification is
|
5415
|
+
# `username1` and the password field specification is `password1`.
|
5416
|
+
#
|
5417
|
+
#
|
5418
|
+
#
|
5419
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
5420
|
+
# @return [Types::UsernameField]
|
5421
|
+
#
|
5422
|
+
# @!attribute [rw] password_field
|
5423
|
+
# Details about your login page password field.
|
5424
|
+
#
|
5425
|
+
# How you specify this depends on the payload type.
|
5426
|
+
#
|
5427
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
5428
|
+
# For information about the JSON Pointer syntax, see the Internet
|
5429
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
5430
|
+
# Notation (JSON) Pointer][1].
|
5431
|
+
#
|
5432
|
+
# For example, for the JSON payload `\{ "login": \{ "username":
|
5433
|
+
# "THE_USERNAME", "password": "THE_PASSWORD" \} \}`, the username
|
5434
|
+
# field specification is `/login/username` and the password field
|
5435
|
+
# specification is `/login/password`.
|
5436
|
+
#
|
5437
|
+
# * For form encoded payload types, use the HTML form names.
|
5438
|
+
#
|
5439
|
+
# For example, for an HTML form with input elements named
|
5440
|
+
# `username1` and `password1`, the username field specification is
|
5441
|
+
# `username1` and the password field specification is `password1`.
|
5442
|
+
#
|
5443
|
+
#
|
5444
|
+
#
|
5445
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
5446
|
+
# @return [Types::PasswordField]
|
5447
|
+
#
|
5448
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestInspection AWS API Documentation
|
5449
|
+
#
|
5450
|
+
class RequestInspection < Struct.new(
|
5451
|
+
:payload_type,
|
5452
|
+
:username_field,
|
5453
|
+
:password_field)
|
5454
|
+
SENSITIVE = []
|
5455
|
+
include Aws::Structure
|
5456
|
+
end
|
5457
|
+
|
5458
|
+
# The criteria for inspecting responses to login requests, used by the
|
5459
|
+
# ATP rule group to track login failure rates.
|
5460
|
+
#
|
5461
|
+
# The ATP rule group evaluates the responses that your protected
|
5462
|
+
# resources send back to client login attempts, keeping count of
|
5463
|
+
# successful and failed attempts from each IP address and client
|
5464
|
+
# session. Using this information, the rule group labels and mitigates
|
5465
|
+
# requests from client sessions and IP addresses that submit too many
|
5466
|
+
# failed login attempts in a short amount of time.
|
5467
|
+
#
|
5468
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
5469
|
+
# CloudFront distributions.
|
5470
|
+
#
|
5471
|
+
# </note>
|
5472
|
+
#
|
5473
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5474
|
+
# possible to configure response inspection through the APIs, but ATP
|
5475
|
+
# response inspection will not be enabled. You can only use the response
|
5476
|
+
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5477
|
+
# protect CloudFront distributions.
|
5478
|
+
#
|
5479
|
+
# </note>
|
5480
|
+
#
|
5481
|
+
# This is part of the `AWSManagedRulesATPRuleSet` configuration in
|
5482
|
+
# `ManagedRuleGroupConfig`.
|
5483
|
+
#
|
5484
|
+
# Enable login response inspection by configuring exactly one component
|
5485
|
+
# of the response to inspect. You can't configure more than one. If you
|
5486
|
+
# don't configure any of the response inspection options, response
|
5487
|
+
# inspection is disabled.
|
5488
|
+
#
|
5489
|
+
# @!attribute [rw] status_code
|
5490
|
+
# Configures inspection of the response status code.
|
5491
|
+
# @return [Types::ResponseInspectionStatusCode]
|
5492
|
+
#
|
5493
|
+
# @!attribute [rw] header
|
5494
|
+
# Configures inspection of the response header.
|
5495
|
+
# @return [Types::ResponseInspectionHeader]
|
5496
|
+
#
|
5497
|
+
# @!attribute [rw] body_contains
|
5498
|
+
# Configures inspection of the response body.
|
5499
|
+
# @return [Types::ResponseInspectionBodyContains]
|
5500
|
+
#
|
5501
|
+
# @!attribute [rw] json
|
5502
|
+
# Configures inspection of the response JSON.
|
5503
|
+
# @return [Types::ResponseInspectionJson]
|
5504
|
+
#
|
5505
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspection AWS API Documentation
|
5506
|
+
#
|
5507
|
+
class ResponseInspection < Struct.new(
|
5508
|
+
:status_code,
|
5509
|
+
:header,
|
5510
|
+
:body_contains,
|
5511
|
+
:json)
|
5512
|
+
SENSITIVE = []
|
5513
|
+
include Aws::Structure
|
5514
|
+
end
|
5515
|
+
|
5516
|
+
# Configures inspection of the response body. This is part of the
|
5517
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
|
5518
|
+
#
|
5519
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
5520
|
+
# CloudFront distributions.
|
5521
|
+
#
|
5522
|
+
# </note>
|
5523
|
+
#
|
5524
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5525
|
+
# possible to configure response inspection through the APIs, but ATP
|
5526
|
+
# response inspection will not be enabled. You can only use the response
|
5527
|
+
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5528
|
+
# protect CloudFront distributions.
|
5529
|
+
#
|
5530
|
+
# </note>
|
5531
|
+
#
|
5532
|
+
# @!attribute [rw] success_strings
|
5533
|
+
# Strings in the body of the response that indicate a successful login
|
5534
|
+
# attempt. To be counted as a successful login, the string can be
|
5535
|
+
# anywhere in the body and must be an exact match, including case.
|
5536
|
+
# Each string must be unique among the success and failure strings.
|
5537
|
+
#
|
5538
|
+
# JSON example: `"SuccessStrings": [ "Login successful", "Welcome to
|
5539
|
+
# our site!" ]`
|
5540
|
+
# @return [Array<String>]
|
5541
|
+
#
|
5542
|
+
# @!attribute [rw] failure_strings
|
5543
|
+
# Strings in the body of the response that indicate a failed login
|
5544
|
+
# attempt. To be counted as a failed login, the string can be anywhere
|
5545
|
+
# in the body and must be an exact match, including case. Each string
|
5546
|
+
# must be unique among the success and failure strings.
|
5547
|
+
#
|
5548
|
+
# JSON example: `"FailureStrings": [ "Login failed" ]`
|
5549
|
+
# @return [Array<String>]
|
5550
|
+
#
|
5551
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionBodyContains AWS API Documentation
|
5552
|
+
#
|
5553
|
+
class ResponseInspectionBodyContains < Struct.new(
|
5554
|
+
:success_strings,
|
5555
|
+
:failure_strings)
|
5556
|
+
SENSITIVE = []
|
5557
|
+
include Aws::Structure
|
5558
|
+
end
|
5559
|
+
|
5560
|
+
# Configures inspection of the response header. This is part of the
|
5561
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
|
5562
|
+
#
|
5563
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
5564
|
+
# CloudFront distributions.
|
5565
|
+
#
|
5566
|
+
# </note>
|
5567
|
+
#
|
5568
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5569
|
+
# possible to configure response inspection through the APIs, but ATP
|
5570
|
+
# response inspection will not be enabled. You can only use the response
|
5571
|
+
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5572
|
+
# protect CloudFront distributions.
|
5573
|
+
#
|
5574
|
+
# </note>
|
5575
|
+
#
|
5576
|
+
# @!attribute [rw] name
|
5577
|
+
# The name of the header to match against. The name must be an exact
|
5578
|
+
# match, including case.
|
5579
|
+
#
|
5580
|
+
# JSON example: `"Name": [ "LoginResult" ]`
|
5581
|
+
# @return [String]
|
5582
|
+
#
|
5583
|
+
# @!attribute [rw] success_values
|
5584
|
+
# Values in the response header with the specified name that indicate
|
5585
|
+
# a successful login attempt. To be counted as a successful login, the
|
5586
|
+
# value must be an exact match, including case. Each value must be
|
5587
|
+
# unique among the success and failure values.
|
5588
|
+
#
|
5589
|
+
# JSON example: `"SuccessValues": [ "LoginPassed", "Successful login"
|
5590
|
+
# ]`
|
5591
|
+
# @return [Array<String>]
|
5592
|
+
#
|
5593
|
+
# @!attribute [rw] failure_values
|
5594
|
+
# Values in the response header with the specified name that indicate
|
5595
|
+
# a failed login attempt. To be counted as a failed login, the value
|
5596
|
+
# must be an exact match, including case. Each value must be unique
|
5597
|
+
# among the success and failure values.
|
5598
|
+
#
|
5599
|
+
# JSON example: `"FailureValues": [ "LoginFailed", "Failed login" ]`
|
5600
|
+
# @return [Array<String>]
|
5601
|
+
#
|
5602
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionHeader AWS API Documentation
|
5603
|
+
#
|
5604
|
+
class ResponseInspectionHeader < Struct.new(
|
5605
|
+
:name,
|
5606
|
+
:success_values,
|
5607
|
+
:failure_values)
|
5608
|
+
SENSITIVE = []
|
5609
|
+
include Aws::Structure
|
5610
|
+
end
|
5611
|
+
|
5612
|
+
# Configures inspection of the response JSON. This is part of the
|
5613
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
|
5614
|
+
#
|
5615
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
5616
|
+
# CloudFront distributions.
|
5617
|
+
#
|
5618
|
+
# </note>
|
5619
|
+
#
|
5620
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5621
|
+
# possible to configure response inspection through the APIs, but ATP
|
5622
|
+
# response inspection will not be enabled. You can only use the response
|
5623
|
+
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5624
|
+
# protect CloudFront distributions.
|
5625
|
+
#
|
5626
|
+
# </note>
|
5627
|
+
#
|
5628
|
+
# @!attribute [rw] identifier
|
5629
|
+
# The identifier for the value to match against in the JSON. The
|
5630
|
+
# identifier must be an exact match, including case.
|
5631
|
+
#
|
5632
|
+
# JSON example: `"Identifier": [ "/login/success" ]`
|
5633
|
+
# @return [String]
|
5634
|
+
#
|
5635
|
+
# @!attribute [rw] success_values
|
5636
|
+
# Values for the specified identifier in the response JSON that
|
5637
|
+
# indicate a successful login attempt. To be counted as a successful
|
5638
|
+
# login, the value must be an exact match, including case. Each value
|
5639
|
+
# must be unique among the success and failure values.
|
5640
|
+
#
|
5641
|
+
# JSON example: `"SuccessValues": [ "True", "Succeeded" ]`
|
5642
|
+
# @return [Array<String>]
|
5643
|
+
#
|
5644
|
+
# @!attribute [rw] failure_values
|
5645
|
+
# Values for the specified identifier in the response JSON that
|
5646
|
+
# indicate a failed login attempt. To be counted as a failed login,
|
5647
|
+
# the value must be an exact match, including case. Each value must be
|
5648
|
+
# unique among the success and failure values.
|
5649
|
+
#
|
5650
|
+
# JSON example: `"FailureValues": [ "False", "Failed" ]`
|
5651
|
+
# @return [Array<String>]
|
5652
|
+
#
|
5653
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionJson AWS API Documentation
|
5654
|
+
#
|
5655
|
+
class ResponseInspectionJson < Struct.new(
|
5656
|
+
:identifier,
|
5657
|
+
:success_values,
|
5658
|
+
:failure_values)
|
5659
|
+
SENSITIVE = []
|
5660
|
+
include Aws::Structure
|
5661
|
+
end
|
5662
|
+
|
5663
|
+
# Configures inspection of the response status code. This is part of the
|
5664
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
|
5665
|
+
#
|
5666
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
5667
|
+
# CloudFront distributions.
|
5668
|
+
#
|
5669
|
+
# </note>
|
5670
|
+
#
|
5671
|
+
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5672
|
+
# possible to configure response inspection through the APIs, but ATP
|
5673
|
+
# response inspection will not be enabled. You can only use the response
|
5674
|
+
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5675
|
+
# protect CloudFront distributions.
|
5676
|
+
#
|
5677
|
+
# </note>
|
5678
|
+
#
|
5679
|
+
# @!attribute [rw] success_codes
|
5680
|
+
# Status codes in the response that indicate a successful login
|
5681
|
+
# attempt. To be counted as a successful login, the response status
|
5682
|
+
# code must match one of these. Each code must be unique among the
|
5683
|
+
# success and failure status codes.
|
5684
|
+
#
|
5685
|
+
# JSON example: `"SuccessCodes": [ 200, 201 ]`
|
5686
|
+
# @return [Array<Integer>]
|
5687
|
+
#
|
5688
|
+
# @!attribute [rw] failure_codes
|
5689
|
+
# Status codes in the response that indicate a failed login attempt.
|
5690
|
+
# To be counted as a failed login, the response status code must match
|
5691
|
+
# one of these. Each code must be unique among the success and failure
|
5692
|
+
# status codes.
|
5693
|
+
#
|
5694
|
+
# JSON example: `"FailureCodes": [ 400, 404 ]`
|
5695
|
+
# @return [Array<Integer>]
|
5696
|
+
#
|
5697
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionStatusCode AWS API Documentation
|
5698
|
+
#
|
5699
|
+
class ResponseInspectionStatusCode < Struct.new(
|
5700
|
+
:success_codes,
|
5701
|
+
:failure_codes)
|
5702
|
+
SENSITIVE = []
|
5703
|
+
include Aws::Structure
|
5704
|
+
end
|
5705
|
+
|
5275
5706
|
# A single rule, which you can use in a WebACL or RuleGroup to identify
|
5276
5707
|
# web requests that you want to allow, block, or count. Each rule
|
5277
5708
|
# includes one top-level Statement that WAF uses to identify matching
|
@@ -6070,7 +6501,7 @@ module Aws::WAFV2
|
|
6070
6501
|
# create a rate-based rule with a nested AND rule statement that
|
6071
6502
|
# contains the following nested statements:
|
6072
6503
|
#
|
6073
|
-
# * An IP match statement with an IP set that
|
6504
|
+
# * An IP match statement with an IP set that specifies the address
|
6074
6505
|
# 192.0.2.44.
|
6075
6506
|
#
|
6076
6507
|
# * A string match statement that searches in the User-Agent header
|
@@ -7016,8 +7447,9 @@ module Aws::WAFV2
|
|
7016
7447
|
#
|
7017
7448
|
class UriPath < Aws::EmptyStructure; end
|
7018
7449
|
|
7019
|
-
# Details about your login page username field
|
7020
|
-
# `
|
7450
|
+
# Details about your login page username field for request inspection,
|
7451
|
+
# used in the `AWSManagedRulesATPRuleSet` `RequestInspection`
|
7452
|
+
# configuration.
|
7021
7453
|
#
|
7022
7454
|
# @!attribute [rw] identifier
|
7023
7455
|
# The name of the username field. For example `/form/username`.
|
data/lib/aws-sdk-wafv2.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-wafv2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.49.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-02-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|