aws-sdk-wafv2 1.60.0 → 1.62.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +379 -1827
- data/lib/aws-sdk-wafv2/client_api.rb +96 -0
- data/lib/aws-sdk-wafv2/endpoints.rb +28 -0
- data/lib/aws-sdk-wafv2/plugins/endpoints.rb +4 -0
- data/lib/aws-sdk-wafv2/types.rb +783 -153
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -51,6 +51,72 @@ module Aws::WAFV2
|
|
51
51
|
include Aws::Structure
|
52
52
|
end
|
53
53
|
|
54
|
+
# Details for your use of the account creation fraud prevention managed
|
55
|
+
# rule group, `AWSManagedRulesACFPRuleSet`. This configuration is used
|
56
|
+
# in `ManagedRuleGroupConfig`.
|
57
|
+
#
|
58
|
+
# @!attribute [rw] creation_path
|
59
|
+
# The path of the account creation endpoint for your application. This
|
60
|
+
# is the page on your website that accepts the completed registration
|
61
|
+
# form for a new user. This page must accept `POST` requests.
|
62
|
+
#
|
63
|
+
# For example, for the URL `https://example.com/web/signup`, you would
|
64
|
+
# provide the path `/web/signup`.
|
65
|
+
# @return [String]
|
66
|
+
#
|
67
|
+
# @!attribute [rw] registration_page_path
|
68
|
+
# The path of the account registration endpoint for your application.
|
69
|
+
# This is the page on your website that presents the registration form
|
70
|
+
# to new users.
|
71
|
+
#
|
72
|
+
# <note markdown="1"> This page must accept `GET` text/html requests.
|
73
|
+
#
|
74
|
+
# </note>
|
75
|
+
#
|
76
|
+
# For example, for the URL `https://example.com/web/register`, you
|
77
|
+
# would provide the path `/web/register`.
|
78
|
+
# @return [String]
|
79
|
+
#
|
80
|
+
# @!attribute [rw] request_inspection
|
81
|
+
# The criteria for inspecting account creation requests, used by the
|
82
|
+
# ACFP rule group to validate and track account creation attempts.
|
83
|
+
# @return [Types::RequestInspectionACFP]
|
84
|
+
#
|
85
|
+
# @!attribute [rw] response_inspection
|
86
|
+
# The criteria for inspecting responses to account creation requests,
|
87
|
+
# used by the ACFP rule group to track account creation success rates.
|
88
|
+
#
|
89
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect
|
90
|
+
# Amazon CloudFront distributions.
|
91
|
+
#
|
92
|
+
# </note>
|
93
|
+
#
|
94
|
+
# The ACFP rule group evaluates the responses that your protected
|
95
|
+
# resources send back to client account creation attempts, keeping
|
96
|
+
# count of successful and failed attempts from each IP address and
|
97
|
+
# client session. Using this information, the rule group labels and
|
98
|
+
# mitigates requests from client sessions and IP addresses that have
|
99
|
+
# had too many successful account creation attempts in a short amount
|
100
|
+
# of time.
|
101
|
+
# @return [Types::ResponseInspection]
|
102
|
+
#
|
103
|
+
# @!attribute [rw] enable_regex_in_path
|
104
|
+
# Allow the use of regular expressions in the registration page path
|
105
|
+
# and the account creation path.
|
106
|
+
# @return [Boolean]
|
107
|
+
#
|
108
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesACFPRuleSet AWS API Documentation
|
109
|
+
#
|
110
|
+
class AWSManagedRulesACFPRuleSet < Struct.new(
|
111
|
+
:creation_path,
|
112
|
+
:registration_page_path,
|
113
|
+
:request_inspection,
|
114
|
+
:response_inspection,
|
115
|
+
:enable_regex_in_path)
|
116
|
+
SENSITIVE = []
|
117
|
+
include Aws::Structure
|
118
|
+
end
|
119
|
+
|
54
120
|
# Details for your use of the account takeover prevention managed rule
|
55
121
|
# group, `AWSManagedRulesATPRuleSet`. This configuration is used in
|
56
122
|
# `ManagedRuleGroupConfig`.
|
@@ -73,25 +139,30 @@ module Aws::WAFV2
|
|
73
139
|
# The criteria for inspecting responses to login requests, used by the
|
74
140
|
# ATP rule group to track login failure rates.
|
75
141
|
#
|
76
|
-
# The ATP rule group evaluates the responses that your protected
|
77
|
-
# resources send back to client login attempts, keeping count of
|
78
|
-
# successful and failed attempts from each IP address and client
|
79
|
-
# session. Using this information, the rule group labels and mitigates
|
80
|
-
# requests from client sessions and IP addresses that submit too many
|
81
|
-
# failed login attempts in a short amount of time.
|
82
|
-
#
|
83
142
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect
|
84
143
|
# Amazon CloudFront distributions.
|
85
144
|
#
|
86
145
|
# </note>
|
146
|
+
#
|
147
|
+
# The ATP rule group evaluates the responses that your protected
|
148
|
+
# resources send back to client login attempts, keeping count of
|
149
|
+
# successful and failed attempts for each IP address and client
|
150
|
+
# session. Using this information, the rule group labels and mitigates
|
151
|
+
# requests from client sessions and IP addresses that have had too
|
152
|
+
# many failed login attempts in a short amount of time.
|
87
153
|
# @return [Types::ResponseInspection]
|
88
154
|
#
|
155
|
+
# @!attribute [rw] enable_regex_in_path
|
156
|
+
# Allow the use of regular expressions in the login page path.
|
157
|
+
# @return [Boolean]
|
158
|
+
#
|
89
159
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesATPRuleSet AWS API Documentation
|
90
160
|
#
|
91
161
|
class AWSManagedRulesATPRuleSet < Struct.new(
|
92
162
|
:login_path,
|
93
163
|
:request_inspection,
|
94
|
-
:response_inspection
|
164
|
+
:response_inspection,
|
165
|
+
:enable_regex_in_path)
|
95
166
|
SENSITIVE = []
|
96
167
|
include Aws::Structure
|
97
168
|
end
|
@@ -141,6 +212,49 @@ module Aws::WAFV2
|
|
141
212
|
include Aws::Structure
|
142
213
|
end
|
143
214
|
|
215
|
+
# The name of a field in the request payload that contains part or all
|
216
|
+
# of your customer's primary physical address.
|
217
|
+
#
|
218
|
+
# This data type is used in the `RequestInspectionACFP` data type.
|
219
|
+
#
|
220
|
+
# @!attribute [rw] identifier
|
221
|
+
# The name of a single primary address field.
|
222
|
+
#
|
223
|
+
# How you specify the address fields depends on the request inspection
|
224
|
+
# payload type.
|
225
|
+
#
|
226
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
227
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
228
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
229
|
+
# Object Notation (JSON) Pointer][1].
|
230
|
+
#
|
231
|
+
# For example, for the JSON payload `\{ "form": \{
|
232
|
+
# "primaryaddressline1": "THE_ADDRESS1", "primaryaddressline2":
|
233
|
+
# "THE_ADDRESS2", "primaryaddressline3": "THE_ADDRESS3" \} \}`, the
|
234
|
+
# address field idenfiers are `/form/primaryaddressline1`,
|
235
|
+
# `/form/primaryaddressline2`, and `/form/primaryaddressline3`.
|
236
|
+
#
|
237
|
+
# * For form encoded payload types, use the HTML form names.
|
238
|
+
#
|
239
|
+
# For example, for an HTML form with input elements named
|
240
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
241
|
+
# `primaryaddressline3`, the address fields identifiers are
|
242
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
243
|
+
# `primaryaddressline3`.
|
244
|
+
#
|
245
|
+
#
|
246
|
+
#
|
247
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
248
|
+
# @return [String]
|
249
|
+
#
|
250
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AddressField AWS API Documentation
|
251
|
+
#
|
252
|
+
class AddressField < Struct.new(
|
253
|
+
:identifier)
|
254
|
+
SENSITIVE = []
|
255
|
+
include Aws::Structure
|
256
|
+
end
|
257
|
+
|
144
258
|
# Inspect all of the elements that WAF has parsed and extracted from the
|
145
259
|
# web request component that you've identified in your FieldToMatch
|
146
260
|
# specifications.
|
@@ -1818,9 +1932,89 @@ module Aws::WAFV2
|
|
1818
1932
|
#
|
1819
1933
|
class DeleteWebACLResponse < Aws::EmptyStructure; end
|
1820
1934
|
|
1935
|
+
# @!attribute [rw] scope
|
1936
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
1937
|
+
# for a regional application. A regional application can be an
|
1938
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1939
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, an App Runner
|
1940
|
+
# service, or an Amazon Web Services Verified Access instance.
|
1941
|
+
#
|
1942
|
+
# To work with CloudFront, you must also specify the Region US East
|
1943
|
+
# (N. Virginia) as follows:
|
1944
|
+
#
|
1945
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1946
|
+
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1947
|
+
#
|
1948
|
+
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
1949
|
+
# @return [String]
|
1950
|
+
#
|
1951
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeAllManagedProductsRequest AWS API Documentation
|
1952
|
+
#
|
1953
|
+
class DescribeAllManagedProductsRequest < Struct.new(
|
1954
|
+
:scope)
|
1955
|
+
SENSITIVE = []
|
1956
|
+
include Aws::Structure
|
1957
|
+
end
|
1958
|
+
|
1959
|
+
# @!attribute [rw] managed_products
|
1960
|
+
# High-level information for the Amazon Web Services Managed Rules
|
1961
|
+
# rule groups and Amazon Web Services Marketplace managed rule groups.
|
1962
|
+
# @return [Array<Types::ManagedProductDescriptor>]
|
1963
|
+
#
|
1964
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeAllManagedProductsResponse AWS API Documentation
|
1965
|
+
#
|
1966
|
+
class DescribeAllManagedProductsResponse < Struct.new(
|
1967
|
+
:managed_products)
|
1968
|
+
SENSITIVE = []
|
1969
|
+
include Aws::Structure
|
1970
|
+
end
|
1971
|
+
|
1972
|
+
# @!attribute [rw] vendor_name
|
1973
|
+
# The name of the managed rule group vendor. You use this, along with
|
1974
|
+
# the rule group name, to identify a rule group.
|
1975
|
+
# @return [String]
|
1976
|
+
#
|
1977
|
+
# @!attribute [rw] scope
|
1978
|
+
# Specifies whether this is for an Amazon CloudFront distribution or
|
1979
|
+
# for a regional application. A regional application can be an
|
1980
|
+
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1981
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, an App Runner
|
1982
|
+
# service, or an Amazon Web Services Verified Access instance.
|
1983
|
+
#
|
1984
|
+
# To work with CloudFront, you must also specify the Region US East
|
1985
|
+
# (N. Virginia) as follows:
|
1986
|
+
#
|
1987
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1988
|
+
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1989
|
+
#
|
1990
|
+
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
1991
|
+
# @return [String]
|
1992
|
+
#
|
1993
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedProductsByVendorRequest AWS API Documentation
|
1994
|
+
#
|
1995
|
+
class DescribeManagedProductsByVendorRequest < Struct.new(
|
1996
|
+
:vendor_name,
|
1997
|
+
:scope)
|
1998
|
+
SENSITIVE = []
|
1999
|
+
include Aws::Structure
|
2000
|
+
end
|
2001
|
+
|
2002
|
+
# @!attribute [rw] managed_products
|
2003
|
+
# High-level information for the managed rule groups owned by the
|
2004
|
+
# specified vendor.
|
2005
|
+
# @return [Array<Types::ManagedProductDescriptor>]
|
2006
|
+
#
|
2007
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedProductsByVendorResponse AWS API Documentation
|
2008
|
+
#
|
2009
|
+
class DescribeManagedProductsByVendorResponse < Struct.new(
|
2010
|
+
:managed_products)
|
2011
|
+
SENSITIVE = []
|
2012
|
+
include Aws::Structure
|
2013
|
+
end
|
2014
|
+
|
1821
2015
|
# @!attribute [rw] vendor_name
|
1822
2016
|
# The name of the managed rule group vendor. You use this, along with
|
1823
|
-
# the rule group name, to identify
|
2017
|
+
# the rule group name, to identify a rule group.
|
1824
2018
|
# @return [String]
|
1825
2019
|
#
|
1826
2020
|
# @!attribute [rw] name
|
@@ -1867,11 +2061,12 @@ module Aws::WAFV2
|
|
1867
2061
|
#
|
1868
2062
|
# @!attribute [rw] sns_topic_arn
|
1869
2063
|
# The Amazon resource name (ARN) of the Amazon Simple Notification
|
1870
|
-
# Service SNS topic that's used to
|
1871
|
-
# group. You can subscribe to the SNS topic to
|
1872
|
-
# when the managed rule group is modified, such
|
1873
|
-
# and for version expiration. For more
|
1874
|
-
# Simple Notification Service Developer
|
2064
|
+
# Service SNS topic that's used to provide notification of changes to
|
2065
|
+
# the managed rule group. You can subscribe to the SNS topic to
|
2066
|
+
# receive notifications when the managed rule group is modified, such
|
2067
|
+
# as for new versions and for version expiration. For more
|
2068
|
+
# information, see the [Amazon Simple Notification Service Developer
|
2069
|
+
# Guide][1].
|
1875
2070
|
#
|
1876
2071
|
#
|
1877
2072
|
#
|
@@ -1985,6 +2180,43 @@ module Aws::WAFV2
|
|
1985
2180
|
#
|
1986
2181
|
class DisassociateWebACLResponse < Aws::EmptyStructure; end
|
1987
2182
|
|
2183
|
+
# The name of the field in the request payload that contains your
|
2184
|
+
# customer's email.
|
2185
|
+
#
|
2186
|
+
# This data type is used in the `RequestInspectionACFP` data type.
|
2187
|
+
#
|
2188
|
+
# @!attribute [rw] identifier
|
2189
|
+
# The name of the email field.
|
2190
|
+
#
|
2191
|
+
# How you specify this depends on the request inspection payload type.
|
2192
|
+
#
|
2193
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
2194
|
+
# For information about the JSON Pointer syntax, see the Internet
|
2195
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
2196
|
+
# Notation (JSON) Pointer][1].
|
2197
|
+
#
|
2198
|
+
# For example, for the JSON payload `\{ "form": \{ "email":
|
2199
|
+
# "THE_EMAIL" \} \}`, the email field specification is
|
2200
|
+
# `/form/email`.
|
2201
|
+
#
|
2202
|
+
# * For form encoded payload types, use the HTML form names.
|
2203
|
+
#
|
2204
|
+
# For example, for an HTML form with the input element named
|
2205
|
+
# `email1`, the email field specification is `email1`.
|
2206
|
+
#
|
2207
|
+
#
|
2208
|
+
#
|
2209
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
2210
|
+
# @return [String]
|
2211
|
+
#
|
2212
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/EmailField AWS API Documentation
|
2213
|
+
#
|
2214
|
+
class EmailField < Struct.new(
|
2215
|
+
:identifier)
|
2216
|
+
SENSITIVE = []
|
2217
|
+
include Aws::Structure
|
2218
|
+
end
|
2219
|
+
|
1988
2220
|
# Specifies a single rule in a rule group whose action you want to
|
1989
2221
|
# override to `Count`.
|
1990
2222
|
#
|
@@ -2124,9 +2356,7 @@ module Aws::WAFV2
|
|
2124
2356
|
# inspection. WAF generates the string and then uses that as the field
|
2125
2357
|
# to match component in its inspection. WAF separates the header names
|
2126
2358
|
# in the string using colons and no added spaces, for example
|
2127
|
-
# `
|
2128
|
-
#
|
2129
|
-
# Matches against the header order string are case insensitive.
|
2359
|
+
# `host:user-agent:accept:authorization:referer`.
|
2130
2360
|
# @return [Types::HeaderOrder]
|
2131
2361
|
#
|
2132
2362
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FieldToMatch AWS API Documentation
|
@@ -3057,10 +3287,12 @@ module Aws::WAFV2
|
|
3057
3287
|
# The URL to use in SDK integrations with Amazon Web Services managed
|
3058
3288
|
# rule groups. For example, you can use the integration SDKs with the
|
3059
3289
|
# account takeover prevention managed rule group
|
3060
|
-
# `AWSManagedRulesATPRuleSet
|
3061
|
-
#
|
3062
|
-
#
|
3063
|
-
#
|
3290
|
+
# `AWSManagedRulesATPRuleSet` and the account creation fraud
|
3291
|
+
# prevention managed rule group `AWSManagedRulesACFPRuleSet`. This is
|
3292
|
+
# only populated if you are using a rule group in your web ACL that
|
3293
|
+
# integrates with your applications in this way. For more information,
|
3294
|
+
# see [WAF client application integration][1] in the *WAF Developer
|
3295
|
+
# Guide*.
|
3064
3296
|
#
|
3065
3297
|
#
|
3066
3298
|
#
|
@@ -3195,9 +3427,7 @@ module Aws::WAFV2
|
|
3195
3427
|
# inspection. WAF generates the string and then uses that as the field
|
3196
3428
|
# to match component in its inspection. WAF separates the header names
|
3197
3429
|
# in the string using colons and no added spaces, for example
|
3198
|
-
# `
|
3199
|
-
#
|
3200
|
-
# Matches against the header order string are case insensitive.
|
3430
|
+
# `host:user-agent:accept:authorization:referer`.
|
3201
3431
|
#
|
3202
3432
|
# @!attribute [rw] oversize_handling
|
3203
3433
|
# What WAF should do if the headers of the request are more numerous
|
@@ -3866,7 +4096,7 @@ module Aws::WAFV2
|
|
3866
4096
|
|
3867
4097
|
# @!attribute [rw] vendor_name
|
3868
4098
|
# The name of the managed rule group vendor. You use this, along with
|
3869
|
-
# the rule group name, to identify
|
4099
|
+
# the rule group name, to identify a rule group.
|
3870
4100
|
# @return [String]
|
3871
4101
|
#
|
3872
4102
|
# @!attribute [rw] name
|
@@ -4588,12 +4818,18 @@ module Aws::WAFV2
|
|
4588
4818
|
# @return [Array<String>]
|
4589
4819
|
#
|
4590
4820
|
# @!attribute [rw] redacted_fields
|
4591
|
-
# The parts of the request that you want to keep out of the logs.
|
4592
|
-
#
|
4593
|
-
#
|
4821
|
+
# The parts of the request that you want to keep out of the logs.
|
4822
|
+
#
|
4823
|
+
# For example, if you redact the `SingleHeader` field, the `HEADER`
|
4824
|
+
# field in the logs will be `REDACTED` for all rules that use the
|
4825
|
+
# `SingleHeader` `FieldToMatch` setting.
|
4826
|
+
#
|
4827
|
+
# Redaction applies only to the component that's specified in the
|
4828
|
+
# rule's `FieldToMatch` setting, so the `SingleHeader` redaction
|
4829
|
+
# doesn't apply to rules that use the `Headers` `FieldToMatch`.
|
4594
4830
|
#
|
4595
4831
|
# <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
|
4596
|
-
# `QueryString`, `SingleHeader`,
|
4832
|
+
# `QueryString`, `SingleHeader`, and `Method`.
|
4597
4833
|
#
|
4598
4834
|
# </note>
|
4599
4835
|
# @return [Array<Types::FieldToMatch>]
|
@@ -4647,17 +4883,101 @@ module Aws::WAFV2
|
|
4647
4883
|
include Aws::Structure
|
4648
4884
|
end
|
4649
4885
|
|
4886
|
+
# The properties of a managed product, such as an Amazon Web Services
|
4887
|
+
# Managed Rules rule group or an Amazon Web Services Marketplace managed
|
4888
|
+
# rule group.
|
4889
|
+
#
|
4890
|
+
# @!attribute [rw] vendor_name
|
4891
|
+
# The name of the managed rule group vendor. You use this, along with
|
4892
|
+
# the rule group name, to identify a rule group.
|
4893
|
+
# @return [String]
|
4894
|
+
#
|
4895
|
+
# @!attribute [rw] managed_rule_set_name
|
4896
|
+
# The name of the managed rule group. For example,
|
4897
|
+
# `AWSManagedRulesAnonymousIpList` or `AWSManagedRulesATPRuleSet`.
|
4898
|
+
# @return [String]
|
4899
|
+
#
|
4900
|
+
# @!attribute [rw] product_id
|
4901
|
+
# A unique identifier for the rule group. This ID is returned in the
|
4902
|
+
# responses to create and list commands. You provide it to operations
|
4903
|
+
# like update and delete.
|
4904
|
+
# @return [String]
|
4905
|
+
#
|
4906
|
+
# @!attribute [rw] product_link
|
4907
|
+
# For Amazon Web Services Marketplace managed rule groups only, the
|
4908
|
+
# link to the rule group product page.
|
4909
|
+
# @return [String]
|
4910
|
+
#
|
4911
|
+
# @!attribute [rw] product_title
|
4912
|
+
# The display name for the managed rule group. For example, `Anonymous
|
4913
|
+
# IP list` or `Account takeover prevention`.
|
4914
|
+
# @return [String]
|
4915
|
+
#
|
4916
|
+
# @!attribute [rw] product_description
|
4917
|
+
# A short description of the managed rule group.
|
4918
|
+
# @return [String]
|
4919
|
+
#
|
4920
|
+
# @!attribute [rw] sns_topic_arn
|
4921
|
+
# The Amazon resource name (ARN) of the Amazon Simple Notification
|
4922
|
+
# Service SNS topic that's used to provide notification of changes to
|
4923
|
+
# the managed rule group. You can subscribe to the SNS topic to
|
4924
|
+
# receive notifications when the managed rule group is modified, such
|
4925
|
+
# as for new versions and for version expiration. For more
|
4926
|
+
# information, see the [Amazon Simple Notification Service Developer
|
4927
|
+
# Guide][1].
|
4928
|
+
#
|
4929
|
+
#
|
4930
|
+
#
|
4931
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
|
4932
|
+
# @return [String]
|
4933
|
+
#
|
4934
|
+
# @!attribute [rw] is_versioning_supported
|
4935
|
+
# Indicates whether the rule group is versioned.
|
4936
|
+
# @return [Boolean]
|
4937
|
+
#
|
4938
|
+
# @!attribute [rw] is_advanced_managed_rule_set
|
4939
|
+
# Indicates whether the rule group provides an advanced set of
|
4940
|
+
# protections, such as the the Amazon Web Services Managed Rules rule
|
4941
|
+
# groups that are used for WAF intelligent threat mitigation.
|
4942
|
+
# @return [Boolean]
|
4943
|
+
#
|
4944
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedProductDescriptor AWS API Documentation
|
4945
|
+
#
|
4946
|
+
class ManagedProductDescriptor < Struct.new(
|
4947
|
+
:vendor_name,
|
4948
|
+
:managed_rule_set_name,
|
4949
|
+
:product_id,
|
4950
|
+
:product_link,
|
4951
|
+
:product_title,
|
4952
|
+
:product_description,
|
4953
|
+
:sns_topic_arn,
|
4954
|
+
:is_versioning_supported,
|
4955
|
+
:is_advanced_managed_rule_set)
|
4956
|
+
SENSITIVE = []
|
4957
|
+
include Aws::Structure
|
4958
|
+
end
|
4959
|
+
|
4650
4960
|
# Additional information that's used by a managed rule group. Many
|
4651
4961
|
# managed rule groups don't require this.
|
4652
4962
|
#
|
4653
|
-
#
|
4654
|
-
#
|
4655
|
-
# such as the sign-in page of your application and the type of content
|
4656
|
-
# to accept or reject from the client.
|
4963
|
+
# The rule groups used for intelligent threat mitigation require
|
4964
|
+
# additional configuration:
|
4657
4965
|
#
|
4658
|
-
# Use the `
|
4659
|
-
#
|
4660
|
-
#
|
4966
|
+
# * Use the `AWSManagedRulesACFPRuleSet` configuration object to
|
4967
|
+
# configure the account creation fraud prevention managed rule group.
|
4968
|
+
# The configuration includes the registration and sign-up pages of
|
4969
|
+
# your application and the locations in the account creation request
|
4970
|
+
# payload of data, such as the user email and phone number fields.
|
4971
|
+
#
|
4972
|
+
# * Use the `AWSManagedRulesATPRuleSet` configuration object to
|
4973
|
+
# configure the account takeover prevention managed rule group. The
|
4974
|
+
# configuration includes the sign-in page of your application and the
|
4975
|
+
# locations in the login request payload of data such as the username
|
4976
|
+
# and password.
|
4977
|
+
#
|
4978
|
+
# * Use the `AWSManagedRulesBotControlRuleSet` configuration object to
|
4979
|
+
# configure the protection level that you want the Bot Control rule
|
4980
|
+
# group to use.
|
4661
4981
|
#
|
4662
4982
|
# For example specifications, see the examples section of CreateWebACL.
|
4663
4983
|
#
|
@@ -4669,22 +4989,25 @@ module Aws::WAFV2
|
|
4669
4989
|
# @return [String]
|
4670
4990
|
#
|
4671
4991
|
# @!attribute [rw] payload_type
|
4672
|
-
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4673
|
-
# `AWSManagedRulesATPRuleSet`
|
4992
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under the
|
4993
|
+
# request inspection configuration for `AWSManagedRulesATPRuleSet` or
|
4994
|
+
# `AWSManagedRulesACFPRuleSet`.
|
4674
4995
|
#
|
4675
4996
|
# </note>
|
4676
4997
|
# @return [String]
|
4677
4998
|
#
|
4678
4999
|
# @!attribute [rw] username_field
|
4679
|
-
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4680
|
-
# `AWSManagedRulesATPRuleSet`
|
5000
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under the
|
5001
|
+
# request inspection configuration for `AWSManagedRulesATPRuleSet` or
|
5002
|
+
# `AWSManagedRulesACFPRuleSet`.
|
4681
5003
|
#
|
4682
5004
|
# </note>
|
4683
5005
|
# @return [Types::UsernameField]
|
4684
5006
|
#
|
4685
5007
|
# @!attribute [rw] password_field
|
4686
|
-
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4687
|
-
# `AWSManagedRulesATPRuleSet`
|
5008
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under the
|
5009
|
+
# request inspection configuration for `AWSManagedRulesATPRuleSet` or
|
5010
|
+
# `AWSManagedRulesACFPRuleSet`.
|
4688
5011
|
#
|
4689
5012
|
# </note>
|
4690
5013
|
# @return [Types::PasswordField]
|
@@ -4724,6 +5047,25 @@ module Aws::WAFV2
|
|
4724
5047
|
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html
|
4725
5048
|
# @return [Types::AWSManagedRulesATPRuleSet]
|
4726
5049
|
#
|
5050
|
+
# @!attribute [rw] aws_managed_rules_acfp_rule_set
|
5051
|
+
# Additional configuration for using the account creation fraud
|
5052
|
+
# prevention (ACFP) managed rule group, `AWSManagedRulesACFPRuleSet`.
|
5053
|
+
# Use this to provide account creation request information to the rule
|
5054
|
+
# group. For web ACLs that protect CloudFront distributions, use this
|
5055
|
+
# to also provide the information about how your distribution responds
|
5056
|
+
# to account creation requests.
|
5057
|
+
#
|
5058
|
+
# For information about using the ACFP managed rule group, see [WAF
|
5059
|
+
# Fraud Control account creation fraud prevention (ACFP) rule
|
5060
|
+
# group][1] and [WAF Fraud Control account creation fraud prevention
|
5061
|
+
# (ACFP)][2] in the *WAF Developer Guide*.
|
5062
|
+
#
|
5063
|
+
#
|
5064
|
+
#
|
5065
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-acfp.html
|
5066
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html
|
5067
|
+
# @return [Types::AWSManagedRulesACFPRuleSet]
|
5068
|
+
#
|
4727
5069
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupConfig AWS API Documentation
|
4728
5070
|
#
|
4729
5071
|
class ManagedRuleGroupConfig < Struct.new(
|
@@ -4732,7 +5074,8 @@ module Aws::WAFV2
|
|
4732
5074
|
:username_field,
|
4733
5075
|
:password_field,
|
4734
5076
|
:aws_managed_rules_bot_control_rule_set,
|
4735
|
-
:aws_managed_rules_atp_rule_set
|
5077
|
+
:aws_managed_rules_atp_rule_set,
|
5078
|
+
:aws_managed_rules_acfp_rule_set)
|
4736
5079
|
SENSITIVE = []
|
4737
5080
|
include Aws::Structure
|
4738
5081
|
end
|
@@ -4747,9 +5090,11 @@ module Aws::WAFV2
|
|
4747
5090
|
# a top-level statement within a rule.
|
4748
5091
|
#
|
4749
5092
|
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
4750
|
-
# managed rule group `AWSManagedRulesBotControlRuleSet
|
5093
|
+
# managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
|
4751
5094
|
# Control account takeover prevention (ATP) managed rule group
|
4752
|
-
# `AWSManagedRulesATPRuleSet
|
5095
|
+
# `AWSManagedRulesATPRuleSet`, or the WAF Fraud Control account creation
|
5096
|
+
# fraud prevention (ACFP) managed rule group
|
5097
|
+
# `AWSManagedRulesACFPRuleSet`. For more information, see [WAF
|
4753
5098
|
# Pricing][1].
|
4754
5099
|
#
|
4755
5100
|
# </note>
|
@@ -4760,7 +5105,7 @@ module Aws::WAFV2
|
|
4760
5105
|
#
|
4761
5106
|
# @!attribute [rw] vendor_name
|
4762
5107
|
# The name of the managed rule group vendor. You use this, along with
|
4763
|
-
# the rule group name, to identify
|
5108
|
+
# the rule group name, to identify a rule group.
|
4764
5109
|
# @return [String]
|
4765
5110
|
#
|
4766
5111
|
# @!attribute [rw] name
|
@@ -4798,14 +5143,25 @@ module Aws::WAFV2
|
|
4798
5143
|
# Additional information that's used by a managed rule group. Many
|
4799
5144
|
# managed rule groups don't require this.
|
4800
5145
|
#
|
4801
|
-
#
|
4802
|
-
#
|
4803
|
-
#
|
4804
|
-
#
|
4805
|
-
#
|
4806
|
-
#
|
4807
|
-
#
|
4808
|
-
#
|
5146
|
+
# The rule groups used for intelligent threat mitigation require
|
5147
|
+
# additional configuration:
|
5148
|
+
#
|
5149
|
+
# * Use the `AWSManagedRulesACFPRuleSet` configuration object to
|
5150
|
+
# configure the account creation fraud prevention managed rule
|
5151
|
+
# group. The configuration includes the registration and sign-up
|
5152
|
+
# pages of your application and the locations in the account
|
5153
|
+
# creation request payload of data, such as the user email and phone
|
5154
|
+
# number fields.
|
5155
|
+
#
|
5156
|
+
# * Use the `AWSManagedRulesATPRuleSet` configuration object to
|
5157
|
+
# configure the account takeover prevention managed rule group. The
|
5158
|
+
# configuration includes the sign-in page of your application and
|
5159
|
+
# the locations in the login request payload of data such as the
|
5160
|
+
# username and password.
|
5161
|
+
#
|
5162
|
+
# * Use the `AWSManagedRulesBotControlRuleSet` configuration object to
|
5163
|
+
# configure the protection level that you want the Bot Control rule
|
5164
|
+
# group to use.
|
4809
5165
|
# @return [Array<Types::ManagedRuleGroupConfig>]
|
4810
5166
|
#
|
4811
5167
|
# @!attribute [rw] rule_action_overrides
|
@@ -4838,14 +5194,14 @@ module Aws::WAFV2
|
|
4838
5194
|
# ListAvailableManagedRuleGroups. This provides information like the
|
4839
5195
|
# name and vendor name, that you provide when you add a
|
4840
5196
|
# ManagedRuleGroupStatement to a web ACL. Managed rule groups include
|
4841
|
-
# Amazon Web Services Managed Rules rule groups
|
4842
|
-
#
|
4843
|
-
# rule
|
4844
|
-
# Marketplace.
|
5197
|
+
# Amazon Web Services Managed Rules rule groups and Amazon Web Services
|
5198
|
+
# Marketplace managed rule groups. To use any Amazon Web Services
|
5199
|
+
# Marketplace managed rule group, first subscribe to the rule group
|
5200
|
+
# through Amazon Web Services Marketplace.
|
4845
5201
|
#
|
4846
5202
|
# @!attribute [rw] vendor_name
|
4847
5203
|
# The name of the managed rule group vendor. You use this, along with
|
4848
|
-
# the rule group name, to identify
|
5204
|
+
# the rule group name, to identify a rule group.
|
4849
5205
|
# @return [String]
|
4850
5206
|
#
|
4851
5207
|
# @!attribute [rw] name
|
@@ -5273,12 +5629,34 @@ module Aws::WAFV2
|
|
5273
5629
|
include Aws::Structure
|
5274
5630
|
end
|
5275
5631
|
|
5276
|
-
#
|
5277
|
-
#
|
5278
|
-
#
|
5632
|
+
# The name of the field in the request payload that contains your
|
5633
|
+
# customer's password.
|
5634
|
+
#
|
5635
|
+
# This data type is used in the `RequestInspection` and
|
5636
|
+
# `RequestInspectionACFP` data types.
|
5279
5637
|
#
|
5280
5638
|
# @!attribute [rw] identifier
|
5281
|
-
# The name of the password field.
|
5639
|
+
# The name of the password field.
|
5640
|
+
#
|
5641
|
+
# How you specify this depends on the request inspection payload type.
|
5642
|
+
#
|
5643
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
5644
|
+
# For information about the JSON Pointer syntax, see the Internet
|
5645
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
5646
|
+
# Notation (JSON) Pointer][1].
|
5647
|
+
#
|
5648
|
+
# For example, for the JSON payload `\{ "form": \{ "password":
|
5649
|
+
# "THE_PASSWORD" \} \}`, the password field specification is
|
5650
|
+
# `/form/password`.
|
5651
|
+
#
|
5652
|
+
# * For form encoded payload types, use the HTML form names.
|
5653
|
+
#
|
5654
|
+
# For example, for an HTML form with the input element named
|
5655
|
+
# `password1`, the password field specification is `password1`.
|
5656
|
+
#
|
5657
|
+
#
|
5658
|
+
#
|
5659
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
5282
5660
|
# @return [String]
|
5283
5661
|
#
|
5284
5662
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PasswordField AWS API Documentation
|
@@ -5289,6 +5667,48 @@ module Aws::WAFV2
|
|
5289
5667
|
include Aws::Structure
|
5290
5668
|
end
|
5291
5669
|
|
5670
|
+
# The name of a field in the request payload that contains part or all
|
5671
|
+
# of your customer's primary phone number.
|
5672
|
+
#
|
5673
|
+
# This data type is used in the `RequestInspectionACFP` data type.
|
5674
|
+
#
|
5675
|
+
# @!attribute [rw] identifier
|
5676
|
+
# The name of a single primary phone number field.
|
5677
|
+
#
|
5678
|
+
# How you specify the phone number fields depends on the request
|
5679
|
+
# inspection payload type.
|
5680
|
+
#
|
5681
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
5682
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
5683
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
5684
|
+
# Object Notation (JSON) Pointer][1].
|
5685
|
+
#
|
5686
|
+
# For example, for the JSON payload `\{ "form": \{
|
5687
|
+
# "primaryphoneline1": "THE_PHONE1", "primaryphoneline2":
|
5688
|
+
# "THE_PHONE2", "primaryphoneline3": "THE_PHONE3" \} \}`, the phone
|
5689
|
+
# number field identifiers are `/form/primaryphoneline1`,
|
5690
|
+
# `/form/primaryphoneline2`, and `/form/primaryphoneline3`.
|
5691
|
+
#
|
5692
|
+
# * For form encoded payload types, use the HTML form names.
|
5693
|
+
#
|
5694
|
+
# For example, for an HTML form with input elements named
|
5695
|
+
# `primaryphoneline1`, `primaryphoneline2`, and `primaryphoneline3`,
|
5696
|
+
# the phone number field identifiers are `primaryphoneline1`,
|
5697
|
+
# `primaryphoneline2`, and `primaryphoneline3`.
|
5698
|
+
#
|
5699
|
+
#
|
5700
|
+
#
|
5701
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
5702
|
+
# @return [String]
|
5703
|
+
#
|
5704
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PhoneNumberField AWS API Documentation
|
5705
|
+
#
|
5706
|
+
class PhoneNumberField < Struct.new(
|
5707
|
+
:identifier)
|
5708
|
+
SENSITIVE = []
|
5709
|
+
include Aws::Structure
|
5710
|
+
end
|
5711
|
+
|
5292
5712
|
# @!attribute [rw] logging_configuration
|
5293
5713
|
# @return [Types::LoggingConfiguration]
|
5294
5714
|
#
|
@@ -6237,25 +6657,24 @@ module Aws::WAFV2
|
|
6237
6657
|
# @return [String]
|
6238
6658
|
#
|
6239
6659
|
# @!attribute [rw] username_field
|
6240
|
-
#
|
6660
|
+
# The name of the field in the request payload that contains your
|
6661
|
+
# customer's username.
|
6241
6662
|
#
|
6242
|
-
# How you specify this depends on the payload type.
|
6663
|
+
# How you specify this depends on the request inspection payload type.
|
6243
6664
|
#
|
6244
6665
|
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6245
6666
|
# For information about the JSON Pointer syntax, see the Internet
|
6246
6667
|
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6247
6668
|
# Notation (JSON) Pointer][1].
|
6248
6669
|
#
|
6249
|
-
# For example, for the JSON payload `\{ "
|
6250
|
-
# "THE_USERNAME"
|
6251
|
-
#
|
6252
|
-
# specification is `/login/password`.
|
6670
|
+
# For example, for the JSON payload `\{ "form": \{ "username":
|
6671
|
+
# "THE_USERNAME" \} \}`, the username field specification is
|
6672
|
+
# `/form/username`.
|
6253
6673
|
#
|
6254
6674
|
# * For form encoded payload types, use the HTML form names.
|
6255
6675
|
#
|
6256
|
-
# For example, for an HTML form with input
|
6257
|
-
# `username1
|
6258
|
-
# `username1` and the password field specification is `password1`.
|
6676
|
+
# For example, for an HTML form with the input element named
|
6677
|
+
# `username1`, the username field specification is `username1`
|
6259
6678
|
#
|
6260
6679
|
#
|
6261
6680
|
#
|
@@ -6263,25 +6682,24 @@ module Aws::WAFV2
|
|
6263
6682
|
# @return [Types::UsernameField]
|
6264
6683
|
#
|
6265
6684
|
# @!attribute [rw] password_field
|
6266
|
-
#
|
6685
|
+
# The name of the field in the request payload that contains your
|
6686
|
+
# customer's password.
|
6267
6687
|
#
|
6268
|
-
# How you specify this depends on the payload type.
|
6688
|
+
# How you specify this depends on the request inspection payload type.
|
6269
6689
|
#
|
6270
6690
|
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6271
6691
|
# For information about the JSON Pointer syntax, see the Internet
|
6272
6692
|
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6273
6693
|
# Notation (JSON) Pointer][1].
|
6274
6694
|
#
|
6275
|
-
# For example, for the JSON payload `\{ "
|
6276
|
-
# "
|
6277
|
-
#
|
6278
|
-
# specification is `/login/password`.
|
6695
|
+
# For example, for the JSON payload `\{ "form": \{ "password":
|
6696
|
+
# "THE_PASSWORD" \} \}`, the password field specification is
|
6697
|
+
# `/form/password`.
|
6279
6698
|
#
|
6280
6699
|
# * For form encoded payload types, use the HTML form names.
|
6281
6700
|
#
|
6282
|
-
# For example, for an HTML form with input
|
6283
|
-
# `
|
6284
|
-
# `username1` and the password field specification is `password1`.
|
6701
|
+
# For example, for an HTML form with the input element named
|
6702
|
+
# `password1`, the password field specification is `password1`.
|
6285
6703
|
#
|
6286
6704
|
#
|
6287
6705
|
#
|
@@ -6298,45 +6716,223 @@ module Aws::WAFV2
|
|
6298
6716
|
include Aws::Structure
|
6299
6717
|
end
|
6300
6718
|
|
6301
|
-
# The criteria for inspecting
|
6302
|
-
#
|
6719
|
+
# The criteria for inspecting account creation requests, used by the
|
6720
|
+
# ACFP rule group to validate and track account creation attempts.
|
6303
6721
|
#
|
6304
|
-
#
|
6305
|
-
#
|
6306
|
-
#
|
6307
|
-
#
|
6308
|
-
#
|
6309
|
-
#
|
6722
|
+
# This is part of the `AWSManagedRulesACFPRuleSet` configuration in
|
6723
|
+
# `ManagedRuleGroupConfig`.
|
6724
|
+
#
|
6725
|
+
# In these settings, you specify how your application accepts account
|
6726
|
+
# creation attempts by providing the request payload type and the names
|
6727
|
+
# of the fields within the request body where the username, password,
|
6728
|
+
# email, and primary address and phone number fields are provided.
|
6729
|
+
#
|
6730
|
+
# @!attribute [rw] payload_type
|
6731
|
+
# The payload type for your account creation endpoint, either JSON or
|
6732
|
+
# form encoded.
|
6733
|
+
# @return [String]
|
6734
|
+
#
|
6735
|
+
# @!attribute [rw] username_field
|
6736
|
+
# The name of the field in the request payload that contains your
|
6737
|
+
# customer's username.
|
6738
|
+
#
|
6739
|
+
# How you specify this depends on the request inspection payload type.
|
6740
|
+
#
|
6741
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6742
|
+
# For information about the JSON Pointer syntax, see the Internet
|
6743
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6744
|
+
# Notation (JSON) Pointer][1].
|
6745
|
+
#
|
6746
|
+
# For example, for the JSON payload `\{ "form": \{ "username":
|
6747
|
+
# "THE_USERNAME" \} \}`, the username field specification is
|
6748
|
+
# `/form/username`.
|
6749
|
+
#
|
6750
|
+
# * For form encoded payload types, use the HTML form names.
|
6751
|
+
#
|
6752
|
+
# For example, for an HTML form with the input element named
|
6753
|
+
# `username1`, the username field specification is `username1`
|
6754
|
+
#
|
6755
|
+
#
|
6756
|
+
#
|
6757
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6758
|
+
# @return [Types::UsernameField]
|
6759
|
+
#
|
6760
|
+
# @!attribute [rw] password_field
|
6761
|
+
# The name of the field in the request payload that contains your
|
6762
|
+
# customer's password.
|
6763
|
+
#
|
6764
|
+
# How you specify this depends on the request inspection payload type.
|
6765
|
+
#
|
6766
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6767
|
+
# For information about the JSON Pointer syntax, see the Internet
|
6768
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6769
|
+
# Notation (JSON) Pointer][1].
|
6770
|
+
#
|
6771
|
+
# For example, for the JSON payload `\{ "form": \{ "password":
|
6772
|
+
# "THE_PASSWORD" \} \}`, the password field specification is
|
6773
|
+
# `/form/password`.
|
6774
|
+
#
|
6775
|
+
# * For form encoded payload types, use the HTML form names.
|
6776
|
+
#
|
6777
|
+
# For example, for an HTML form with the input element named
|
6778
|
+
# `password1`, the password field specification is `password1`.
|
6779
|
+
#
|
6780
|
+
#
|
6781
|
+
#
|
6782
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6783
|
+
# @return [Types::PasswordField]
|
6784
|
+
#
|
6785
|
+
# @!attribute [rw] email_field
|
6786
|
+
# The name of the field in the request payload that contains your
|
6787
|
+
# customer's email.
|
6788
|
+
#
|
6789
|
+
# How you specify this depends on the request inspection payload type.
|
6790
|
+
#
|
6791
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6792
|
+
# For information about the JSON Pointer syntax, see the Internet
|
6793
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6794
|
+
# Notation (JSON) Pointer][1].
|
6795
|
+
#
|
6796
|
+
# For example, for the JSON payload `\{ "form": \{ "email":
|
6797
|
+
# "THE_EMAIL" \} \}`, the email field specification is
|
6798
|
+
# `/form/email`.
|
6799
|
+
#
|
6800
|
+
# * For form encoded payload types, use the HTML form names.
|
6801
|
+
#
|
6802
|
+
# For example, for an HTML form with the input element named
|
6803
|
+
# `email1`, the email field specification is `email1`.
|
6804
|
+
#
|
6805
|
+
#
|
6806
|
+
#
|
6807
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6808
|
+
# @return [Types::EmailField]
|
6809
|
+
#
|
6810
|
+
# @!attribute [rw] phone_number_fields
|
6811
|
+
# The names of the fields in the request payload that contain your
|
6812
|
+
# customer's primary phone number.
|
6813
|
+
#
|
6814
|
+
# Order the phone number fields in the array exactly as they are
|
6815
|
+
# ordered in the request payload.
|
6816
|
+
#
|
6817
|
+
# How you specify the phone number fields depends on the request
|
6818
|
+
# inspection payload type.
|
6819
|
+
#
|
6820
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
6821
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
6822
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
6823
|
+
# Object Notation (JSON) Pointer][1].
|
6824
|
+
#
|
6825
|
+
# For example, for the JSON payload `\{ "form": \{
|
6826
|
+
# "primaryphoneline1": "THE_PHONE1", "primaryphoneline2":
|
6827
|
+
# "THE_PHONE2", "primaryphoneline3": "THE_PHONE3" \} \}`, the phone
|
6828
|
+
# number field identifiers are `/form/primaryphoneline1`,
|
6829
|
+
# `/form/primaryphoneline2`, and `/form/primaryphoneline3`.
|
6830
|
+
#
|
6831
|
+
# * For form encoded payload types, use the HTML form names.
|
6832
|
+
#
|
6833
|
+
# For example, for an HTML form with input elements named
|
6834
|
+
# `primaryphoneline1`, `primaryphoneline2`, and `primaryphoneline3`,
|
6835
|
+
# the phone number field identifiers are `primaryphoneline1`,
|
6836
|
+
# `primaryphoneline2`, and `primaryphoneline3`.
|
6837
|
+
#
|
6838
|
+
#
|
6839
|
+
#
|
6840
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6841
|
+
# @return [Array<Types::PhoneNumberField>]
|
6842
|
+
#
|
6843
|
+
# @!attribute [rw] address_fields
|
6844
|
+
# The names of the fields in the request payload that contain your
|
6845
|
+
# customer's primary physical address.
|
6846
|
+
#
|
6847
|
+
# Order the address fields in the array exactly as they are ordered in
|
6848
|
+
# the request payload.
|
6849
|
+
#
|
6850
|
+
# How you specify the address fields depends on the request inspection
|
6851
|
+
# payload type.
|
6852
|
+
#
|
6853
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
6854
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
6855
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
6856
|
+
# Object Notation (JSON) Pointer][1].
|
6857
|
+
#
|
6858
|
+
# For example, for the JSON payload `\{ "form": \{
|
6859
|
+
# "primaryaddressline1": "THE_ADDRESS1", "primaryaddressline2":
|
6860
|
+
# "THE_ADDRESS2", "primaryaddressline3": "THE_ADDRESS3" \} \}`, the
|
6861
|
+
# address field idenfiers are `/form/primaryaddressline1`,
|
6862
|
+
# `/form/primaryaddressline2`, and `/form/primaryaddressline3`.
|
6863
|
+
#
|
6864
|
+
# * For form encoded payload types, use the HTML form names.
|
6865
|
+
#
|
6866
|
+
# For example, for an HTML form with input elements named
|
6867
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
6868
|
+
# `primaryaddressline3`, the address fields identifiers are
|
6869
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
6870
|
+
# `primaryaddressline3`.
|
6871
|
+
#
|
6872
|
+
#
|
6873
|
+
#
|
6874
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6875
|
+
# @return [Array<Types::AddressField>]
|
6876
|
+
#
|
6877
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestInspectionACFP AWS API Documentation
|
6878
|
+
#
|
6879
|
+
class RequestInspectionACFP < Struct.new(
|
6880
|
+
:payload_type,
|
6881
|
+
:username_field,
|
6882
|
+
:password_field,
|
6883
|
+
:email_field,
|
6884
|
+
:phone_number_fields,
|
6885
|
+
:address_fields)
|
6886
|
+
SENSITIVE = []
|
6887
|
+
include Aws::Structure
|
6888
|
+
end
|
6889
|
+
|
6890
|
+
# The criteria for inspecting responses to login requests and account
|
6891
|
+
# creation requests, used by the ATP and ACFP rule groups to track login
|
6892
|
+
# and account creation success and failure rates.
|
6310
6893
|
#
|
6311
6894
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6312
6895
|
# CloudFront distributions.
|
6313
6896
|
#
|
6314
6897
|
# </note>
|
6315
6898
|
#
|
6316
|
-
#
|
6899
|
+
# The rule groups evaluates the responses that your protected resources
|
6900
|
+
# send back to client login and account creation attempts, keeping count
|
6901
|
+
# of successful and failed attempts from each IP address and client
|
6902
|
+
# session. Using this information, the rule group labels and mitigates
|
6903
|
+
# requests from client sessions and IP addresses with too much
|
6904
|
+
# suspicious activity in a short amount of time.
|
6905
|
+
#
|
6906
|
+
# This is part of the `AWSManagedRulesATPRuleSet` and
|
6907
|
+
# `AWSManagedRulesACFPRuleSet` configurations in
|
6317
6908
|
# `ManagedRuleGroupConfig`.
|
6318
6909
|
#
|
6319
|
-
# Enable
|
6320
|
-
#
|
6321
|
-
#
|
6322
|
-
# inspection
|
6910
|
+
# Enable response inspection by configuring exactly one component of the
|
6911
|
+
# response to inspect, for example, `Header` or `StatusCode`. You can't
|
6912
|
+
# configure more than one component for inspection. If you don't
|
6913
|
+
# configure any of the response inspection options, response inspection
|
6914
|
+
# is disabled.
|
6323
6915
|
#
|
6324
6916
|
# @!attribute [rw] status_code
|
6325
|
-
# Configures inspection of the response status code
|
6917
|
+
# Configures inspection of the response status code for success and
|
6918
|
+
# failure indicators.
|
6326
6919
|
# @return [Types::ResponseInspectionStatusCode]
|
6327
6920
|
#
|
6328
6921
|
# @!attribute [rw] header
|
6329
|
-
# Configures inspection of the response header
|
6922
|
+
# Configures inspection of the response header for success and failure
|
6923
|
+
# indicators.
|
6330
6924
|
# @return [Types::ResponseInspectionHeader]
|
6331
6925
|
#
|
6332
6926
|
# @!attribute [rw] body_contains
|
6333
|
-
# Configures inspection of the response body
|
6334
|
-
# first 65,536 bytes (64 KB) of the
|
6927
|
+
# Configures inspection of the response body for success and failure
|
6928
|
+
# indicators. WAF can inspect the first 65,536 bytes (64 KB) of the
|
6929
|
+
# response body.
|
6335
6930
|
# @return [Types::ResponseInspectionBodyContains]
|
6336
6931
|
#
|
6337
6932
|
# @!attribute [rw] json
|
6338
|
-
# Configures inspection of the response JSON
|
6339
|
-
# first 65,536 bytes (64 KB) of the
|
6933
|
+
# Configures inspection of the response JSON for success and failure
|
6934
|
+
# indicators. WAF can inspect the first 65,536 bytes (64 KB) of the
|
6935
|
+
# response JSON.
|
6340
6936
|
# @return [Types::ResponseInspectionJson]
|
6341
6937
|
#
|
6342
6938
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspection AWS API Documentation
|
@@ -6352,7 +6948,8 @@ module Aws::WAFV2
|
|
6352
6948
|
|
6353
6949
|
# Configures inspection of the response body. WAF can inspect the first
|
6354
6950
|
# 65,536 bytes (64 KB) of the response body. This is part of the
|
6355
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
6951
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
6952
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6356
6953
|
#
|
6357
6954
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6358
6955
|
# CloudFront distributions.
|
@@ -6361,21 +6958,23 @@ module Aws::WAFV2
|
|
6361
6958
|
#
|
6362
6959
|
# @!attribute [rw] success_strings
|
6363
6960
|
# Strings in the body of the response that indicate a successful login
|
6364
|
-
# attempt. To be counted as a
|
6365
|
-
# anywhere in the body and must be an exact match, including
|
6366
|
-
# Each string must be unique among the success and failure
|
6367
|
-
#
|
6368
|
-
#
|
6369
|
-
#
|
6961
|
+
# or account creation attempt. To be counted as a success, the string
|
6962
|
+
# can be anywhere in the body and must be an exact match, including
|
6963
|
+
# case. Each string must be unique among the success and failure
|
6964
|
+
# strings.
|
6965
|
+
#
|
6966
|
+
# JSON examples: `"SuccessStrings": [ "Login successful" ]` and
|
6967
|
+
# `"SuccessStrings": [ "Account creation successful", "Welcome to our
|
6968
|
+
# site!" ]`
|
6370
6969
|
# @return [Array<String>]
|
6371
6970
|
#
|
6372
6971
|
# @!attribute [rw] failure_strings
|
6373
|
-
# Strings in the body of the response that indicate a failed login
|
6374
|
-
# attempt. To be counted as a
|
6375
|
-
# in the body and must be an exact match, including case.
|
6376
|
-
# must be unique among the success and failure strings.
|
6972
|
+
# Strings in the body of the response that indicate a failed login or
|
6973
|
+
# account creation attempt. To be counted as a failure, the string can
|
6974
|
+
# be anywhere in the body and must be an exact match, including case.
|
6975
|
+
# Each string must be unique among the success and failure strings.
|
6377
6976
|
#
|
6378
|
-
# JSON example: `"FailureStrings": [ "
|
6977
|
+
# JSON example: `"FailureStrings": [ "Request failed" ]`
|
6379
6978
|
# @return [Array<String>]
|
6380
6979
|
#
|
6381
6980
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionBodyContains AWS API Documentation
|
@@ -6388,7 +6987,8 @@ module Aws::WAFV2
|
|
6388
6987
|
end
|
6389
6988
|
|
6390
6989
|
# Configures inspection of the response header. This is part of the
|
6391
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
6990
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
6991
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6392
6992
|
#
|
6393
6993
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6394
6994
|
# CloudFront distributions.
|
@@ -6399,26 +6999,28 @@ module Aws::WAFV2
|
|
6399
6999
|
# The name of the header to match against. The name must be an exact
|
6400
7000
|
# match, including case.
|
6401
7001
|
#
|
6402
|
-
# JSON example: `"Name": [ "
|
7002
|
+
# JSON example: `"Name": [ "RequestResult" ]`
|
6403
7003
|
# @return [String]
|
6404
7004
|
#
|
6405
7005
|
# @!attribute [rw] success_values
|
6406
7006
|
# Values in the response header with the specified name that indicate
|
6407
|
-
# a successful login attempt. To be counted as a
|
6408
|
-
# value must be an exact match, including case. Each
|
6409
|
-
# unique among the success and failure values.
|
7007
|
+
# a successful login or account creation attempt. To be counted as a
|
7008
|
+
# success, the value must be an exact match, including case. Each
|
7009
|
+
# value must be unique among the success and failure values.
|
6410
7010
|
#
|
6411
|
-
# JSON
|
6412
|
-
# ]`
|
7011
|
+
# JSON examples: `"SuccessValues": [ "LoginPassed", "Successful login"
|
7012
|
+
# ]` and `"SuccessValues": [ "AccountCreated", "Successful account
|
7013
|
+
# creation" ]`
|
6413
7014
|
# @return [Array<String>]
|
6414
7015
|
#
|
6415
7016
|
# @!attribute [rw] failure_values
|
6416
7017
|
# Values in the response header with the specified name that indicate
|
6417
|
-
# a failed login attempt. To be counted as a
|
6418
|
-
# must be an exact match, including case. Each
|
6419
|
-
# among the success and failure values.
|
7018
|
+
# a failed login or account creation attempt. To be counted as a
|
7019
|
+
# failure, the value must be an exact match, including case. Each
|
7020
|
+
# value must be unique among the success and failure values.
|
6420
7021
|
#
|
6421
|
-
# JSON
|
7022
|
+
# JSON examples: `"FailureValues": [ "LoginFailed", "Failed login" ]`
|
7023
|
+
# and `"FailureValues": [ "AccountCreationFailed" ]`
|
6422
7024
|
# @return [Array<String>]
|
6423
7025
|
#
|
6424
7026
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionHeader AWS API Documentation
|
@@ -6433,7 +7035,8 @@ module Aws::WAFV2
|
|
6433
7035
|
|
6434
7036
|
# Configures inspection of the response JSON. WAF can inspect the first
|
6435
7037
|
# 65,536 bytes (64 KB) of the response JSON. This is part of the
|
6436
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
7038
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
7039
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6437
7040
|
#
|
6438
7041
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6439
7042
|
# CloudFront distributions.
|
@@ -6444,23 +7047,25 @@ module Aws::WAFV2
|
|
6444
7047
|
# The identifier for the value to match against in the JSON. The
|
6445
7048
|
# identifier must be an exact match, including case.
|
6446
7049
|
#
|
6447
|
-
# JSON
|
7050
|
+
# JSON examples: `"Identifier": [ "/login/success" ]` and
|
7051
|
+
# `"Identifier": [ "/sign-up/success" ]`
|
6448
7052
|
# @return [String]
|
6449
7053
|
#
|
6450
7054
|
# @!attribute [rw] success_values
|
6451
7055
|
# Values for the specified identifier in the response JSON that
|
6452
|
-
# indicate a successful login attempt. To be
|
6453
|
-
#
|
6454
|
-
# must be unique among the success and failure
|
7056
|
+
# indicate a successful login or account creation attempt. To be
|
7057
|
+
# counted as a success, the value must be an exact match, including
|
7058
|
+
# case. Each value must be unique among the success and failure
|
7059
|
+
# values.
|
6455
7060
|
#
|
6456
7061
|
# JSON example: `"SuccessValues": [ "True", "Succeeded" ]`
|
6457
7062
|
# @return [Array<String>]
|
6458
7063
|
#
|
6459
7064
|
# @!attribute [rw] failure_values
|
6460
7065
|
# Values for the specified identifier in the response JSON that
|
6461
|
-
# indicate a failed login attempt. To be counted
|
6462
|
-
# the value must be an exact match, including case. Each
|
6463
|
-
# unique among the success and failure values.
|
7066
|
+
# indicate a failed login or account creation attempt. To be counted
|
7067
|
+
# as a failure, the value must be an exact match, including case. Each
|
7068
|
+
# value must be unique among the success and failure values.
|
6464
7069
|
#
|
6465
7070
|
# JSON example: `"FailureValues": [ "False", "Failed" ]`
|
6466
7071
|
# @return [Array<String>]
|
@@ -6476,7 +7081,8 @@ module Aws::WAFV2
|
|
6476
7081
|
end
|
6477
7082
|
|
6478
7083
|
# Configures inspection of the response status code. This is part of the
|
6479
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
7084
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
7085
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6480
7086
|
#
|
6481
7087
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6482
7088
|
# CloudFront distributions.
|
@@ -6484,19 +7090,19 @@ module Aws::WAFV2
|
|
6484
7090
|
# </note>
|
6485
7091
|
#
|
6486
7092
|
# @!attribute [rw] success_codes
|
6487
|
-
# Status codes in the response that indicate a successful login
|
6488
|
-
# attempt. To be counted as a
|
6489
|
-
# code must match one of these. Each code must be unique among
|
6490
|
-
# success and failure status codes.
|
7093
|
+
# Status codes in the response that indicate a successful login or
|
7094
|
+
# account creation attempt. To be counted as a success, the response
|
7095
|
+
# status code must match one of these. Each code must be unique among
|
7096
|
+
# the success and failure status codes.
|
6491
7097
|
#
|
6492
7098
|
# JSON example: `"SuccessCodes": [ 200, 201 ]`
|
6493
7099
|
# @return [Array<Integer>]
|
6494
7100
|
#
|
6495
7101
|
# @!attribute [rw] failure_codes
|
6496
|
-
# Status codes in the response that indicate a failed login
|
6497
|
-
# To be counted as a
|
6498
|
-
# one of these. Each code must be unique among the
|
6499
|
-
# status codes.
|
7102
|
+
# Status codes in the response that indicate a failed login or account
|
7103
|
+
# creation attempt. To be counted as a failure, the response status
|
7104
|
+
# code must match one of these. Each code must be unique among the
|
7105
|
+
# success and failure status codes.
|
6500
7106
|
#
|
6501
7107
|
# JSON example: `"FailureCodes": [ 400, 404 ]`
|
6502
7108
|
# @return [Array<Integer>]
|
@@ -7427,9 +8033,11 @@ module Aws::WAFV2
|
|
7427
8033
|
# as a top-level statement within a rule.
|
7428
8034
|
#
|
7429
8035
|
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
7430
|
-
# managed rule group `AWSManagedRulesBotControlRuleSet
|
7431
|
-
#
|
7432
|
-
# `AWSManagedRulesATPRuleSet
|
8036
|
+
# managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
|
8037
|
+
# Control account takeover prevention (ATP) managed rule group
|
8038
|
+
# `AWSManagedRulesATPRuleSet`, or the WAF Fraud Control account
|
8039
|
+
# creation fraud prevention (ACFP) managed rule group
|
8040
|
+
# `AWSManagedRulesACFPRuleSet`. For more information, see [WAF
|
7433
8041
|
# Pricing][1].
|
7434
8042
|
#
|
7435
8043
|
# </note>
|
@@ -8348,12 +8956,34 @@ module Aws::WAFV2
|
|
8348
8956
|
#
|
8349
8957
|
class UriPath < Aws::EmptyStructure; end
|
8350
8958
|
|
8351
|
-
#
|
8352
|
-
#
|
8353
|
-
#
|
8959
|
+
# The name of the field in the request payload that contains your
|
8960
|
+
# customer's username.
|
8961
|
+
#
|
8962
|
+
# This data type is used in the `RequestInspection` and
|
8963
|
+
# `RequestInspectionACFP` data types.
|
8354
8964
|
#
|
8355
8965
|
# @!attribute [rw] identifier
|
8356
|
-
# The name of the username field.
|
8966
|
+
# The name of the username field.
|
8967
|
+
#
|
8968
|
+
# How you specify this depends on the request inspection payload type.
|
8969
|
+
#
|
8970
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
8971
|
+
# For information about the JSON Pointer syntax, see the Internet
|
8972
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
8973
|
+
# Notation (JSON) Pointer][1].
|
8974
|
+
#
|
8975
|
+
# For example, for the JSON payload `\{ "form": \{ "username":
|
8976
|
+
# "THE_USERNAME" \} \}`, the username field specification is
|
8977
|
+
# `/form/username`.
|
8978
|
+
#
|
8979
|
+
# * For form encoded payload types, use the HTML form names.
|
8980
|
+
#
|
8981
|
+
# For example, for an HTML form with the input element named
|
8982
|
+
# `username1`, the username field specification is `username1`
|
8983
|
+
#
|
8984
|
+
#
|
8985
|
+
#
|
8986
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
8357
8987
|
# @return [String]
|
8358
8988
|
#
|
8359
8989
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UsernameField AWS API Documentation
|
@@ -8401,15 +9031,15 @@ module Aws::WAFV2
|
|
8401
9031
|
# collection.
|
8402
9032
|
#
|
8403
9033
|
# @!attribute [rw] sampled_requests_enabled
|
8404
|
-
#
|
8405
|
-
#
|
8406
|
-
#
|
9034
|
+
# Indicates whether WAF should store a sampling of the web requests
|
9035
|
+
# that match the rules. You can view the sampled requests through the
|
9036
|
+
# WAF console.
|
8407
9037
|
# @return [Boolean]
|
8408
9038
|
#
|
8409
9039
|
# @!attribute [rw] cloud_watch_metrics_enabled
|
8410
|
-
#
|
8411
|
-
#
|
8412
|
-
#
|
9040
|
+
# Indicates whether the associated resource sends metrics to Amazon
|
9041
|
+
# CloudWatch. For the list of available metrics, see [WAF Metrics][1]
|
9042
|
+
# in the *WAF Developer Guide*.
|
8413
9043
|
#
|
8414
9044
|
# For web ACLs, the metrics are for web requests that have the web ACL
|
8415
9045
|
# default action applied. WAF applies the default action to web
|