aws-sdk-wafv2 1.61.0 → 1.62.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +271 -1825
- data/lib/aws-sdk-wafv2/client_api.rb +39 -0
- data/lib/aws-sdk-wafv2/types.rb +611 -134
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -51,6 +51,72 @@ module Aws::WAFV2
|
|
51
51
|
include Aws::Structure
|
52
52
|
end
|
53
53
|
|
54
|
+
# Details for your use of the account creation fraud prevention managed
|
55
|
+
# rule group, `AWSManagedRulesACFPRuleSet`. This configuration is used
|
56
|
+
# in `ManagedRuleGroupConfig`.
|
57
|
+
#
|
58
|
+
# @!attribute [rw] creation_path
|
59
|
+
# The path of the account creation endpoint for your application. This
|
60
|
+
# is the page on your website that accepts the completed registration
|
61
|
+
# form for a new user. This page must accept `POST` requests.
|
62
|
+
#
|
63
|
+
# For example, for the URL `https://example.com/web/signup`, you would
|
64
|
+
# provide the path `/web/signup`.
|
65
|
+
# @return [String]
|
66
|
+
#
|
67
|
+
# @!attribute [rw] registration_page_path
|
68
|
+
# The path of the account registration endpoint for your application.
|
69
|
+
# This is the page on your website that presents the registration form
|
70
|
+
# to new users.
|
71
|
+
#
|
72
|
+
# <note markdown="1"> This page must accept `GET` text/html requests.
|
73
|
+
#
|
74
|
+
# </note>
|
75
|
+
#
|
76
|
+
# For example, for the URL `https://example.com/web/register`, you
|
77
|
+
# would provide the path `/web/register`.
|
78
|
+
# @return [String]
|
79
|
+
#
|
80
|
+
# @!attribute [rw] request_inspection
|
81
|
+
# The criteria for inspecting account creation requests, used by the
|
82
|
+
# ACFP rule group to validate and track account creation attempts.
|
83
|
+
# @return [Types::RequestInspectionACFP]
|
84
|
+
#
|
85
|
+
# @!attribute [rw] response_inspection
|
86
|
+
# The criteria for inspecting responses to account creation requests,
|
87
|
+
# used by the ACFP rule group to track account creation success rates.
|
88
|
+
#
|
89
|
+
# <note markdown="1"> Response inspection is available only in web ACLs that protect
|
90
|
+
# Amazon CloudFront distributions.
|
91
|
+
#
|
92
|
+
# </note>
|
93
|
+
#
|
94
|
+
# The ACFP rule group evaluates the responses that your protected
|
95
|
+
# resources send back to client account creation attempts, keeping
|
96
|
+
# count of successful and failed attempts from each IP address and
|
97
|
+
# client session. Using this information, the rule group labels and
|
98
|
+
# mitigates requests from client sessions and IP addresses that have
|
99
|
+
# had too many successful account creation attempts in a short amount
|
100
|
+
# of time.
|
101
|
+
# @return [Types::ResponseInspection]
|
102
|
+
#
|
103
|
+
# @!attribute [rw] enable_regex_in_path
|
104
|
+
# Allow the use of regular expressions in the registration page path
|
105
|
+
# and the account creation path.
|
106
|
+
# @return [Boolean]
|
107
|
+
#
|
108
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesACFPRuleSet AWS API Documentation
|
109
|
+
#
|
110
|
+
class AWSManagedRulesACFPRuleSet < Struct.new(
|
111
|
+
:creation_path,
|
112
|
+
:registration_page_path,
|
113
|
+
:request_inspection,
|
114
|
+
:response_inspection,
|
115
|
+
:enable_regex_in_path)
|
116
|
+
SENSITIVE = []
|
117
|
+
include Aws::Structure
|
118
|
+
end
|
119
|
+
|
54
120
|
# Details for your use of the account takeover prevention managed rule
|
55
121
|
# group, `AWSManagedRulesATPRuleSet`. This configuration is used in
|
56
122
|
# `ManagedRuleGroupConfig`.
|
@@ -73,25 +139,30 @@ module Aws::WAFV2
|
|
73
139
|
# The criteria for inspecting responses to login requests, used by the
|
74
140
|
# ATP rule group to track login failure rates.
|
75
141
|
#
|
76
|
-
# The ATP rule group evaluates the responses that your protected
|
77
|
-
# resources send back to client login attempts, keeping count of
|
78
|
-
# successful and failed attempts from each IP address and client
|
79
|
-
# session. Using this information, the rule group labels and mitigates
|
80
|
-
# requests from client sessions and IP addresses that submit too many
|
81
|
-
# failed login attempts in a short amount of time.
|
82
|
-
#
|
83
142
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect
|
84
143
|
# Amazon CloudFront distributions.
|
85
144
|
#
|
86
145
|
# </note>
|
146
|
+
#
|
147
|
+
# The ATP rule group evaluates the responses that your protected
|
148
|
+
# resources send back to client login attempts, keeping count of
|
149
|
+
# successful and failed attempts for each IP address and client
|
150
|
+
# session. Using this information, the rule group labels and mitigates
|
151
|
+
# requests from client sessions and IP addresses that have had too
|
152
|
+
# many failed login attempts in a short amount of time.
|
87
153
|
# @return [Types::ResponseInspection]
|
88
154
|
#
|
155
|
+
# @!attribute [rw] enable_regex_in_path
|
156
|
+
# Allow the use of regular expressions in the login page path.
|
157
|
+
# @return [Boolean]
|
158
|
+
#
|
89
159
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesATPRuleSet AWS API Documentation
|
90
160
|
#
|
91
161
|
class AWSManagedRulesATPRuleSet < Struct.new(
|
92
162
|
:login_path,
|
93
163
|
:request_inspection,
|
94
|
-
:response_inspection
|
164
|
+
:response_inspection,
|
165
|
+
:enable_regex_in_path)
|
95
166
|
SENSITIVE = []
|
96
167
|
include Aws::Structure
|
97
168
|
end
|
@@ -141,6 +212,49 @@ module Aws::WAFV2
|
|
141
212
|
include Aws::Structure
|
142
213
|
end
|
143
214
|
|
215
|
+
# The name of a field in the request payload that contains part or all
|
216
|
+
# of your customer's primary physical address.
|
217
|
+
#
|
218
|
+
# This data type is used in the `RequestInspectionACFP` data type.
|
219
|
+
#
|
220
|
+
# @!attribute [rw] identifier
|
221
|
+
# The name of a single primary address field.
|
222
|
+
#
|
223
|
+
# How you specify the address fields depends on the request inspection
|
224
|
+
# payload type.
|
225
|
+
#
|
226
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
227
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
228
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
229
|
+
# Object Notation (JSON) Pointer][1].
|
230
|
+
#
|
231
|
+
# For example, for the JSON payload `\{ "form": \{
|
232
|
+
# "primaryaddressline1": "THE_ADDRESS1", "primaryaddressline2":
|
233
|
+
# "THE_ADDRESS2", "primaryaddressline3": "THE_ADDRESS3" \} \}`, the
|
234
|
+
# address field idenfiers are `/form/primaryaddressline1`,
|
235
|
+
# `/form/primaryaddressline2`, and `/form/primaryaddressline3`.
|
236
|
+
#
|
237
|
+
# * For form encoded payload types, use the HTML form names.
|
238
|
+
#
|
239
|
+
# For example, for an HTML form with input elements named
|
240
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
241
|
+
# `primaryaddressline3`, the address fields identifiers are
|
242
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
243
|
+
# `primaryaddressline3`.
|
244
|
+
#
|
245
|
+
#
|
246
|
+
#
|
247
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
248
|
+
# @return [String]
|
249
|
+
#
|
250
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AddressField AWS API Documentation
|
251
|
+
#
|
252
|
+
class AddressField < Struct.new(
|
253
|
+
:identifier)
|
254
|
+
SENSITIVE = []
|
255
|
+
include Aws::Structure
|
256
|
+
end
|
257
|
+
|
144
258
|
# Inspect all of the elements that WAF has parsed and extracted from the
|
145
259
|
# web request component that you've identified in your FieldToMatch
|
146
260
|
# specifications.
|
@@ -2066,6 +2180,43 @@ module Aws::WAFV2
|
|
2066
2180
|
#
|
2067
2181
|
class DisassociateWebACLResponse < Aws::EmptyStructure; end
|
2068
2182
|
|
2183
|
+
# The name of the field in the request payload that contains your
|
2184
|
+
# customer's email.
|
2185
|
+
#
|
2186
|
+
# This data type is used in the `RequestInspectionACFP` data type.
|
2187
|
+
#
|
2188
|
+
# @!attribute [rw] identifier
|
2189
|
+
# The name of the email field.
|
2190
|
+
#
|
2191
|
+
# How you specify this depends on the request inspection payload type.
|
2192
|
+
#
|
2193
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
2194
|
+
# For information about the JSON Pointer syntax, see the Internet
|
2195
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
2196
|
+
# Notation (JSON) Pointer][1].
|
2197
|
+
#
|
2198
|
+
# For example, for the JSON payload `\{ "form": \{ "email":
|
2199
|
+
# "THE_EMAIL" \} \}`, the email field specification is
|
2200
|
+
# `/form/email`.
|
2201
|
+
#
|
2202
|
+
# * For form encoded payload types, use the HTML form names.
|
2203
|
+
#
|
2204
|
+
# For example, for an HTML form with the input element named
|
2205
|
+
# `email1`, the email field specification is `email1`.
|
2206
|
+
#
|
2207
|
+
#
|
2208
|
+
#
|
2209
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
2210
|
+
# @return [String]
|
2211
|
+
#
|
2212
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/EmailField AWS API Documentation
|
2213
|
+
#
|
2214
|
+
class EmailField < Struct.new(
|
2215
|
+
:identifier)
|
2216
|
+
SENSITIVE = []
|
2217
|
+
include Aws::Structure
|
2218
|
+
end
|
2219
|
+
|
2069
2220
|
# Specifies a single rule in a rule group whose action you want to
|
2070
2221
|
# override to `Count`.
|
2071
2222
|
#
|
@@ -2204,9 +2355,8 @@ module Aws::WAFV2
|
|
2204
2355
|
# ordered as they appear in the web request that WAF receives for
|
2205
2356
|
# inspection. WAF generates the string and then uses that as the field
|
2206
2357
|
# to match component in its inspection. WAF separates the header names
|
2207
|
-
# in the string using
|
2208
|
-
#
|
2209
|
-
# Matches against the header order string are case insensitive.
|
2358
|
+
# in the string using colons and no added spaces, for example
|
2359
|
+
# `host:user-agent:accept:authorization:referer`.
|
2210
2360
|
# @return [Types::HeaderOrder]
|
2211
2361
|
#
|
2212
2362
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FieldToMatch AWS API Documentation
|
@@ -3137,10 +3287,12 @@ module Aws::WAFV2
|
|
3137
3287
|
# The URL to use in SDK integrations with Amazon Web Services managed
|
3138
3288
|
# rule groups. For example, you can use the integration SDKs with the
|
3139
3289
|
# account takeover prevention managed rule group
|
3140
|
-
# `AWSManagedRulesATPRuleSet
|
3141
|
-
#
|
3142
|
-
#
|
3143
|
-
#
|
3290
|
+
# `AWSManagedRulesATPRuleSet` and the account creation fraud
|
3291
|
+
# prevention managed rule group `AWSManagedRulesACFPRuleSet`. This is
|
3292
|
+
# only populated if you are using a rule group in your web ACL that
|
3293
|
+
# integrates with your applications in this way. For more information,
|
3294
|
+
# see [WAF client application integration][1] in the *WAF Developer
|
3295
|
+
# Guide*.
|
3144
3296
|
#
|
3145
3297
|
#
|
3146
3298
|
#
|
@@ -3274,9 +3426,8 @@ module Aws::WAFV2
|
|
3274
3426
|
# ordered as they appear in the web request that WAF receives for
|
3275
3427
|
# inspection. WAF generates the string and then uses that as the field
|
3276
3428
|
# to match component in its inspection. WAF separates the header names
|
3277
|
-
# in the string using
|
3278
|
-
#
|
3279
|
-
# Matches against the header order string are case insensitive.
|
3429
|
+
# in the string using colons and no added spaces, for example
|
3430
|
+
# `host:user-agent:accept:authorization:referer`.
|
3280
3431
|
#
|
3281
3432
|
# @!attribute [rw] oversize_handling
|
3282
3433
|
# What WAF should do if the headers of the request are more numerous
|
@@ -4667,12 +4818,18 @@ module Aws::WAFV2
|
|
4667
4818
|
# @return [Array<String>]
|
4668
4819
|
#
|
4669
4820
|
# @!attribute [rw] redacted_fields
|
4670
|
-
# The parts of the request that you want to keep out of the logs.
|
4671
|
-
#
|
4672
|
-
#
|
4821
|
+
# The parts of the request that you want to keep out of the logs.
|
4822
|
+
#
|
4823
|
+
# For example, if you redact the `SingleHeader` field, the `HEADER`
|
4824
|
+
# field in the logs will be `REDACTED` for all rules that use the
|
4825
|
+
# `SingleHeader` `FieldToMatch` setting.
|
4826
|
+
#
|
4827
|
+
# Redaction applies only to the component that's specified in the
|
4828
|
+
# rule's `FieldToMatch` setting, so the `SingleHeader` redaction
|
4829
|
+
# doesn't apply to rules that use the `Headers` `FieldToMatch`.
|
4673
4830
|
#
|
4674
4831
|
# <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
|
4675
|
-
# `QueryString`, `SingleHeader`,
|
4832
|
+
# `QueryString`, `SingleHeader`, and `Method`.
|
4676
4833
|
#
|
4677
4834
|
# </note>
|
4678
4835
|
# @return [Array<Types::FieldToMatch>]
|
@@ -4803,14 +4960,24 @@ module Aws::WAFV2
|
|
4803
4960
|
# Additional information that's used by a managed rule group. Many
|
4804
4961
|
# managed rule groups don't require this.
|
4805
4962
|
#
|
4806
|
-
#
|
4807
|
-
#
|
4808
|
-
#
|
4809
|
-
#
|
4963
|
+
# The rule groups used for intelligent threat mitigation require
|
4964
|
+
# additional configuration:
|
4965
|
+
#
|
4966
|
+
# * Use the `AWSManagedRulesACFPRuleSet` configuration object to
|
4967
|
+
# configure the account creation fraud prevention managed rule group.
|
4968
|
+
# The configuration includes the registration and sign-up pages of
|
4969
|
+
# your application and the locations in the account creation request
|
4970
|
+
# payload of data, such as the user email and phone number fields.
|
4810
4971
|
#
|
4811
|
-
# Use the `
|
4812
|
-
#
|
4813
|
-
#
|
4972
|
+
# * Use the `AWSManagedRulesATPRuleSet` configuration object to
|
4973
|
+
# configure the account takeover prevention managed rule group. The
|
4974
|
+
# configuration includes the sign-in page of your application and the
|
4975
|
+
# locations in the login request payload of data such as the username
|
4976
|
+
# and password.
|
4977
|
+
#
|
4978
|
+
# * Use the `AWSManagedRulesBotControlRuleSet` configuration object to
|
4979
|
+
# configure the protection level that you want the Bot Control rule
|
4980
|
+
# group to use.
|
4814
4981
|
#
|
4815
4982
|
# For example specifications, see the examples section of CreateWebACL.
|
4816
4983
|
#
|
@@ -4822,22 +4989,25 @@ module Aws::WAFV2
|
|
4822
4989
|
# @return [String]
|
4823
4990
|
#
|
4824
4991
|
# @!attribute [rw] payload_type
|
4825
|
-
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4826
|
-
# `AWSManagedRulesATPRuleSet`
|
4992
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under the
|
4993
|
+
# request inspection configuration for `AWSManagedRulesATPRuleSet` or
|
4994
|
+
# `AWSManagedRulesACFPRuleSet`.
|
4827
4995
|
#
|
4828
4996
|
# </note>
|
4829
4997
|
# @return [String]
|
4830
4998
|
#
|
4831
4999
|
# @!attribute [rw] username_field
|
4832
|
-
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4833
|
-
# `AWSManagedRulesATPRuleSet`
|
5000
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under the
|
5001
|
+
# request inspection configuration for `AWSManagedRulesATPRuleSet` or
|
5002
|
+
# `AWSManagedRulesACFPRuleSet`.
|
4834
5003
|
#
|
4835
5004
|
# </note>
|
4836
5005
|
# @return [Types::UsernameField]
|
4837
5006
|
#
|
4838
5007
|
# @!attribute [rw] password_field
|
4839
|
-
# <note markdown="1"> Instead of this setting, provide your configuration under
|
4840
|
-
# `AWSManagedRulesATPRuleSet`
|
5008
|
+
# <note markdown="1"> Instead of this setting, provide your configuration under the
|
5009
|
+
# request inspection configuration for `AWSManagedRulesATPRuleSet` or
|
5010
|
+
# `AWSManagedRulesACFPRuleSet`.
|
4841
5011
|
#
|
4842
5012
|
# </note>
|
4843
5013
|
# @return [Types::PasswordField]
|
@@ -4877,6 +5047,25 @@ module Aws::WAFV2
|
|
4877
5047
|
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html
|
4878
5048
|
# @return [Types::AWSManagedRulesATPRuleSet]
|
4879
5049
|
#
|
5050
|
+
# @!attribute [rw] aws_managed_rules_acfp_rule_set
|
5051
|
+
# Additional configuration for using the account creation fraud
|
5052
|
+
# prevention (ACFP) managed rule group, `AWSManagedRulesACFPRuleSet`.
|
5053
|
+
# Use this to provide account creation request information to the rule
|
5054
|
+
# group. For web ACLs that protect CloudFront distributions, use this
|
5055
|
+
# to also provide the information about how your distribution responds
|
5056
|
+
# to account creation requests.
|
5057
|
+
#
|
5058
|
+
# For information about using the ACFP managed rule group, see [WAF
|
5059
|
+
# Fraud Control account creation fraud prevention (ACFP) rule
|
5060
|
+
# group][1] and [WAF Fraud Control account creation fraud prevention
|
5061
|
+
# (ACFP)][2] in the *WAF Developer Guide*.
|
5062
|
+
#
|
5063
|
+
#
|
5064
|
+
#
|
5065
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-acfp.html
|
5066
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html
|
5067
|
+
# @return [Types::AWSManagedRulesACFPRuleSet]
|
5068
|
+
#
|
4880
5069
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupConfig AWS API Documentation
|
4881
5070
|
#
|
4882
5071
|
class ManagedRuleGroupConfig < Struct.new(
|
@@ -4885,7 +5074,8 @@ module Aws::WAFV2
|
|
4885
5074
|
:username_field,
|
4886
5075
|
:password_field,
|
4887
5076
|
:aws_managed_rules_bot_control_rule_set,
|
4888
|
-
:aws_managed_rules_atp_rule_set
|
5077
|
+
:aws_managed_rules_atp_rule_set,
|
5078
|
+
:aws_managed_rules_acfp_rule_set)
|
4889
5079
|
SENSITIVE = []
|
4890
5080
|
include Aws::Structure
|
4891
5081
|
end
|
@@ -4900,9 +5090,11 @@ module Aws::WAFV2
|
|
4900
5090
|
# a top-level statement within a rule.
|
4901
5091
|
#
|
4902
5092
|
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
4903
|
-
# managed rule group `AWSManagedRulesBotControlRuleSet
|
5093
|
+
# managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
|
4904
5094
|
# Control account takeover prevention (ATP) managed rule group
|
4905
|
-
# `AWSManagedRulesATPRuleSet
|
5095
|
+
# `AWSManagedRulesATPRuleSet`, or the WAF Fraud Control account creation
|
5096
|
+
# fraud prevention (ACFP) managed rule group
|
5097
|
+
# `AWSManagedRulesACFPRuleSet`. For more information, see [WAF
|
4906
5098
|
# Pricing][1].
|
4907
5099
|
#
|
4908
5100
|
# </note>
|
@@ -4951,14 +5143,25 @@ module Aws::WAFV2
|
|
4951
5143
|
# Additional information that's used by a managed rule group. Many
|
4952
5144
|
# managed rule groups don't require this.
|
4953
5145
|
#
|
4954
|
-
#
|
4955
|
-
#
|
4956
|
-
#
|
4957
|
-
#
|
4958
|
-
#
|
4959
|
-
#
|
4960
|
-
#
|
4961
|
-
#
|
5146
|
+
# The rule groups used for intelligent threat mitigation require
|
5147
|
+
# additional configuration:
|
5148
|
+
#
|
5149
|
+
# * Use the `AWSManagedRulesACFPRuleSet` configuration object to
|
5150
|
+
# configure the account creation fraud prevention managed rule
|
5151
|
+
# group. The configuration includes the registration and sign-up
|
5152
|
+
# pages of your application and the locations in the account
|
5153
|
+
# creation request payload of data, such as the user email and phone
|
5154
|
+
# number fields.
|
5155
|
+
#
|
5156
|
+
# * Use the `AWSManagedRulesATPRuleSet` configuration object to
|
5157
|
+
# configure the account takeover prevention managed rule group. The
|
5158
|
+
# configuration includes the sign-in page of your application and
|
5159
|
+
# the locations in the login request payload of data such as the
|
5160
|
+
# username and password.
|
5161
|
+
#
|
5162
|
+
# * Use the `AWSManagedRulesBotControlRuleSet` configuration object to
|
5163
|
+
# configure the protection level that you want the Bot Control rule
|
5164
|
+
# group to use.
|
4962
5165
|
# @return [Array<Types::ManagedRuleGroupConfig>]
|
4963
5166
|
#
|
4964
5167
|
# @!attribute [rw] rule_action_overrides
|
@@ -5426,12 +5629,34 @@ module Aws::WAFV2
|
|
5426
5629
|
include Aws::Structure
|
5427
5630
|
end
|
5428
5631
|
|
5429
|
-
#
|
5430
|
-
#
|
5431
|
-
#
|
5632
|
+
# The name of the field in the request payload that contains your
|
5633
|
+
# customer's password.
|
5634
|
+
#
|
5635
|
+
# This data type is used in the `RequestInspection` and
|
5636
|
+
# `RequestInspectionACFP` data types.
|
5432
5637
|
#
|
5433
5638
|
# @!attribute [rw] identifier
|
5434
|
-
# The name of the password field.
|
5639
|
+
# The name of the password field.
|
5640
|
+
#
|
5641
|
+
# How you specify this depends on the request inspection payload type.
|
5642
|
+
#
|
5643
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
5644
|
+
# For information about the JSON Pointer syntax, see the Internet
|
5645
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
5646
|
+
# Notation (JSON) Pointer][1].
|
5647
|
+
#
|
5648
|
+
# For example, for the JSON payload `\{ "form": \{ "password":
|
5649
|
+
# "THE_PASSWORD" \} \}`, the password field specification is
|
5650
|
+
# `/form/password`.
|
5651
|
+
#
|
5652
|
+
# * For form encoded payload types, use the HTML form names.
|
5653
|
+
#
|
5654
|
+
# For example, for an HTML form with the input element named
|
5655
|
+
# `password1`, the password field specification is `password1`.
|
5656
|
+
#
|
5657
|
+
#
|
5658
|
+
#
|
5659
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
5435
5660
|
# @return [String]
|
5436
5661
|
#
|
5437
5662
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PasswordField AWS API Documentation
|
@@ -5442,6 +5667,48 @@ module Aws::WAFV2
|
|
5442
5667
|
include Aws::Structure
|
5443
5668
|
end
|
5444
5669
|
|
5670
|
+
# The name of a field in the request payload that contains part or all
|
5671
|
+
# of your customer's primary phone number.
|
5672
|
+
#
|
5673
|
+
# This data type is used in the `RequestInspectionACFP` data type.
|
5674
|
+
#
|
5675
|
+
# @!attribute [rw] identifier
|
5676
|
+
# The name of a single primary phone number field.
|
5677
|
+
#
|
5678
|
+
# How you specify the phone number fields depends on the request
|
5679
|
+
# inspection payload type.
|
5680
|
+
#
|
5681
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
5682
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
5683
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
5684
|
+
# Object Notation (JSON) Pointer][1].
|
5685
|
+
#
|
5686
|
+
# For example, for the JSON payload `\{ "form": \{
|
5687
|
+
# "primaryphoneline1": "THE_PHONE1", "primaryphoneline2":
|
5688
|
+
# "THE_PHONE2", "primaryphoneline3": "THE_PHONE3" \} \}`, the phone
|
5689
|
+
# number field identifiers are `/form/primaryphoneline1`,
|
5690
|
+
# `/form/primaryphoneline2`, and `/form/primaryphoneline3`.
|
5691
|
+
#
|
5692
|
+
# * For form encoded payload types, use the HTML form names.
|
5693
|
+
#
|
5694
|
+
# For example, for an HTML form with input elements named
|
5695
|
+
# `primaryphoneline1`, `primaryphoneline2`, and `primaryphoneline3`,
|
5696
|
+
# the phone number field identifiers are `primaryphoneline1`,
|
5697
|
+
# `primaryphoneline2`, and `primaryphoneline3`.
|
5698
|
+
#
|
5699
|
+
#
|
5700
|
+
#
|
5701
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
5702
|
+
# @return [String]
|
5703
|
+
#
|
5704
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PhoneNumberField AWS API Documentation
|
5705
|
+
#
|
5706
|
+
class PhoneNumberField < Struct.new(
|
5707
|
+
:identifier)
|
5708
|
+
SENSITIVE = []
|
5709
|
+
include Aws::Structure
|
5710
|
+
end
|
5711
|
+
|
5445
5712
|
# @!attribute [rw] logging_configuration
|
5446
5713
|
# @return [Types::LoggingConfiguration]
|
5447
5714
|
#
|
@@ -6390,25 +6657,24 @@ module Aws::WAFV2
|
|
6390
6657
|
# @return [String]
|
6391
6658
|
#
|
6392
6659
|
# @!attribute [rw] username_field
|
6393
|
-
#
|
6660
|
+
# The name of the field in the request payload that contains your
|
6661
|
+
# customer's username.
|
6394
6662
|
#
|
6395
|
-
# How you specify this depends on the payload type.
|
6663
|
+
# How you specify this depends on the request inspection payload type.
|
6396
6664
|
#
|
6397
6665
|
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6398
6666
|
# For information about the JSON Pointer syntax, see the Internet
|
6399
6667
|
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6400
6668
|
# Notation (JSON) Pointer][1].
|
6401
6669
|
#
|
6402
|
-
# For example, for the JSON payload `\{ "
|
6403
|
-
# "THE_USERNAME"
|
6404
|
-
#
|
6405
|
-
# specification is `/login/password`.
|
6670
|
+
# For example, for the JSON payload `\{ "form": \{ "username":
|
6671
|
+
# "THE_USERNAME" \} \}`, the username field specification is
|
6672
|
+
# `/form/username`.
|
6406
6673
|
#
|
6407
6674
|
# * For form encoded payload types, use the HTML form names.
|
6408
6675
|
#
|
6409
|
-
# For example, for an HTML form with input
|
6410
|
-
# `username1
|
6411
|
-
# `username1` and the password field specification is `password1`.
|
6676
|
+
# For example, for an HTML form with the input element named
|
6677
|
+
# `username1`, the username field specification is `username1`
|
6412
6678
|
#
|
6413
6679
|
#
|
6414
6680
|
#
|
@@ -6416,25 +6682,24 @@ module Aws::WAFV2
|
|
6416
6682
|
# @return [Types::UsernameField]
|
6417
6683
|
#
|
6418
6684
|
# @!attribute [rw] password_field
|
6419
|
-
#
|
6685
|
+
# The name of the field in the request payload that contains your
|
6686
|
+
# customer's password.
|
6420
6687
|
#
|
6421
|
-
# How you specify this depends on the payload type.
|
6688
|
+
# How you specify this depends on the request inspection payload type.
|
6422
6689
|
#
|
6423
6690
|
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6424
6691
|
# For information about the JSON Pointer syntax, see the Internet
|
6425
6692
|
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6426
6693
|
# Notation (JSON) Pointer][1].
|
6427
6694
|
#
|
6428
|
-
# For example, for the JSON payload `\{ "
|
6429
|
-
# "
|
6430
|
-
#
|
6431
|
-
# specification is `/login/password`.
|
6695
|
+
# For example, for the JSON payload `\{ "form": \{ "password":
|
6696
|
+
# "THE_PASSWORD" \} \}`, the password field specification is
|
6697
|
+
# `/form/password`.
|
6432
6698
|
#
|
6433
6699
|
# * For form encoded payload types, use the HTML form names.
|
6434
6700
|
#
|
6435
|
-
# For example, for an HTML form with input
|
6436
|
-
# `
|
6437
|
-
# `username1` and the password field specification is `password1`.
|
6701
|
+
# For example, for an HTML form with the input element named
|
6702
|
+
# `password1`, the password field specification is `password1`.
|
6438
6703
|
#
|
6439
6704
|
#
|
6440
6705
|
#
|
@@ -6451,45 +6716,223 @@ module Aws::WAFV2
|
|
6451
6716
|
include Aws::Structure
|
6452
6717
|
end
|
6453
6718
|
|
6454
|
-
# The criteria for inspecting
|
6455
|
-
#
|
6719
|
+
# The criteria for inspecting account creation requests, used by the
|
6720
|
+
# ACFP rule group to validate and track account creation attempts.
|
6456
6721
|
#
|
6457
|
-
#
|
6458
|
-
#
|
6459
|
-
#
|
6460
|
-
#
|
6461
|
-
#
|
6462
|
-
#
|
6722
|
+
# This is part of the `AWSManagedRulesACFPRuleSet` configuration in
|
6723
|
+
# `ManagedRuleGroupConfig`.
|
6724
|
+
#
|
6725
|
+
# In these settings, you specify how your application accepts account
|
6726
|
+
# creation attempts by providing the request payload type and the names
|
6727
|
+
# of the fields within the request body where the username, password,
|
6728
|
+
# email, and primary address and phone number fields are provided.
|
6729
|
+
#
|
6730
|
+
# @!attribute [rw] payload_type
|
6731
|
+
# The payload type for your account creation endpoint, either JSON or
|
6732
|
+
# form encoded.
|
6733
|
+
# @return [String]
|
6734
|
+
#
|
6735
|
+
# @!attribute [rw] username_field
|
6736
|
+
# The name of the field in the request payload that contains your
|
6737
|
+
# customer's username.
|
6738
|
+
#
|
6739
|
+
# How you specify this depends on the request inspection payload type.
|
6740
|
+
#
|
6741
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6742
|
+
# For information about the JSON Pointer syntax, see the Internet
|
6743
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6744
|
+
# Notation (JSON) Pointer][1].
|
6745
|
+
#
|
6746
|
+
# For example, for the JSON payload `\{ "form": \{ "username":
|
6747
|
+
# "THE_USERNAME" \} \}`, the username field specification is
|
6748
|
+
# `/form/username`.
|
6749
|
+
#
|
6750
|
+
# * For form encoded payload types, use the HTML form names.
|
6751
|
+
#
|
6752
|
+
# For example, for an HTML form with the input element named
|
6753
|
+
# `username1`, the username field specification is `username1`
|
6754
|
+
#
|
6755
|
+
#
|
6756
|
+
#
|
6757
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6758
|
+
# @return [Types::UsernameField]
|
6759
|
+
#
|
6760
|
+
# @!attribute [rw] password_field
|
6761
|
+
# The name of the field in the request payload that contains your
|
6762
|
+
# customer's password.
|
6763
|
+
#
|
6764
|
+
# How you specify this depends on the request inspection payload type.
|
6765
|
+
#
|
6766
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6767
|
+
# For information about the JSON Pointer syntax, see the Internet
|
6768
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6769
|
+
# Notation (JSON) Pointer][1].
|
6770
|
+
#
|
6771
|
+
# For example, for the JSON payload `\{ "form": \{ "password":
|
6772
|
+
# "THE_PASSWORD" \} \}`, the password field specification is
|
6773
|
+
# `/form/password`.
|
6774
|
+
#
|
6775
|
+
# * For form encoded payload types, use the HTML form names.
|
6776
|
+
#
|
6777
|
+
# For example, for an HTML form with the input element named
|
6778
|
+
# `password1`, the password field specification is `password1`.
|
6779
|
+
#
|
6780
|
+
#
|
6781
|
+
#
|
6782
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6783
|
+
# @return [Types::PasswordField]
|
6784
|
+
#
|
6785
|
+
# @!attribute [rw] email_field
|
6786
|
+
# The name of the field in the request payload that contains your
|
6787
|
+
# customer's email.
|
6788
|
+
#
|
6789
|
+
# How you specify this depends on the request inspection payload type.
|
6790
|
+
#
|
6791
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
6792
|
+
# For information about the JSON Pointer syntax, see the Internet
|
6793
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
6794
|
+
# Notation (JSON) Pointer][1].
|
6795
|
+
#
|
6796
|
+
# For example, for the JSON payload `\{ "form": \{ "email":
|
6797
|
+
# "THE_EMAIL" \} \}`, the email field specification is
|
6798
|
+
# `/form/email`.
|
6799
|
+
#
|
6800
|
+
# * For form encoded payload types, use the HTML form names.
|
6801
|
+
#
|
6802
|
+
# For example, for an HTML form with the input element named
|
6803
|
+
# `email1`, the email field specification is `email1`.
|
6804
|
+
#
|
6805
|
+
#
|
6806
|
+
#
|
6807
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6808
|
+
# @return [Types::EmailField]
|
6809
|
+
#
|
6810
|
+
# @!attribute [rw] phone_number_fields
|
6811
|
+
# The names of the fields in the request payload that contain your
|
6812
|
+
# customer's primary phone number.
|
6813
|
+
#
|
6814
|
+
# Order the phone number fields in the array exactly as they are
|
6815
|
+
# ordered in the request payload.
|
6816
|
+
#
|
6817
|
+
# How you specify the phone number fields depends on the request
|
6818
|
+
# inspection payload type.
|
6819
|
+
#
|
6820
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
6821
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
6822
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
6823
|
+
# Object Notation (JSON) Pointer][1].
|
6824
|
+
#
|
6825
|
+
# For example, for the JSON payload `\{ "form": \{
|
6826
|
+
# "primaryphoneline1": "THE_PHONE1", "primaryphoneline2":
|
6827
|
+
# "THE_PHONE2", "primaryphoneline3": "THE_PHONE3" \} \}`, the phone
|
6828
|
+
# number field identifiers are `/form/primaryphoneline1`,
|
6829
|
+
# `/form/primaryphoneline2`, and `/form/primaryphoneline3`.
|
6830
|
+
#
|
6831
|
+
# * For form encoded payload types, use the HTML form names.
|
6832
|
+
#
|
6833
|
+
# For example, for an HTML form with input elements named
|
6834
|
+
# `primaryphoneline1`, `primaryphoneline2`, and `primaryphoneline3`,
|
6835
|
+
# the phone number field identifiers are `primaryphoneline1`,
|
6836
|
+
# `primaryphoneline2`, and `primaryphoneline3`.
|
6837
|
+
#
|
6838
|
+
#
|
6839
|
+
#
|
6840
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6841
|
+
# @return [Array<Types::PhoneNumberField>]
|
6842
|
+
#
|
6843
|
+
# @!attribute [rw] address_fields
|
6844
|
+
# The names of the fields in the request payload that contain your
|
6845
|
+
# customer's primary physical address.
|
6846
|
+
#
|
6847
|
+
# Order the address fields in the array exactly as they are ordered in
|
6848
|
+
# the request payload.
|
6849
|
+
#
|
6850
|
+
# How you specify the address fields depends on the request inspection
|
6851
|
+
# payload type.
|
6852
|
+
#
|
6853
|
+
# * For JSON payloads, specify the field identifiers in JSON pointer
|
6854
|
+
# syntax. For information about the JSON Pointer syntax, see the
|
6855
|
+
# Internet Engineering Task Force (IETF) documentation [JavaScript
|
6856
|
+
# Object Notation (JSON) Pointer][1].
|
6857
|
+
#
|
6858
|
+
# For example, for the JSON payload `\{ "form": \{
|
6859
|
+
# "primaryaddressline1": "THE_ADDRESS1", "primaryaddressline2":
|
6860
|
+
# "THE_ADDRESS2", "primaryaddressline3": "THE_ADDRESS3" \} \}`, the
|
6861
|
+
# address field idenfiers are `/form/primaryaddressline1`,
|
6862
|
+
# `/form/primaryaddressline2`, and `/form/primaryaddressline3`.
|
6863
|
+
#
|
6864
|
+
# * For form encoded payload types, use the HTML form names.
|
6865
|
+
#
|
6866
|
+
# For example, for an HTML form with input elements named
|
6867
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
6868
|
+
# `primaryaddressline3`, the address fields identifiers are
|
6869
|
+
# `primaryaddressline1`, `primaryaddressline2`, and
|
6870
|
+
# `primaryaddressline3`.
|
6871
|
+
#
|
6872
|
+
#
|
6873
|
+
#
|
6874
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
6875
|
+
# @return [Array<Types::AddressField>]
|
6876
|
+
#
|
6877
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestInspectionACFP AWS API Documentation
|
6878
|
+
#
|
6879
|
+
class RequestInspectionACFP < Struct.new(
|
6880
|
+
:payload_type,
|
6881
|
+
:username_field,
|
6882
|
+
:password_field,
|
6883
|
+
:email_field,
|
6884
|
+
:phone_number_fields,
|
6885
|
+
:address_fields)
|
6886
|
+
SENSITIVE = []
|
6887
|
+
include Aws::Structure
|
6888
|
+
end
|
6889
|
+
|
6890
|
+
# The criteria for inspecting responses to login requests and account
|
6891
|
+
# creation requests, used by the ATP and ACFP rule groups to track login
|
6892
|
+
# and account creation success and failure rates.
|
6463
6893
|
#
|
6464
6894
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6465
6895
|
# CloudFront distributions.
|
6466
6896
|
#
|
6467
6897
|
# </note>
|
6468
6898
|
#
|
6469
|
-
#
|
6899
|
+
# The rule groups evaluates the responses that your protected resources
|
6900
|
+
# send back to client login and account creation attempts, keeping count
|
6901
|
+
# of successful and failed attempts from each IP address and client
|
6902
|
+
# session. Using this information, the rule group labels and mitigates
|
6903
|
+
# requests from client sessions and IP addresses with too much
|
6904
|
+
# suspicious activity in a short amount of time.
|
6905
|
+
#
|
6906
|
+
# This is part of the `AWSManagedRulesATPRuleSet` and
|
6907
|
+
# `AWSManagedRulesACFPRuleSet` configurations in
|
6470
6908
|
# `ManagedRuleGroupConfig`.
|
6471
6909
|
#
|
6472
|
-
# Enable
|
6473
|
-
#
|
6474
|
-
#
|
6475
|
-
# inspection
|
6910
|
+
# Enable response inspection by configuring exactly one component of the
|
6911
|
+
# response to inspect, for example, `Header` or `StatusCode`. You can't
|
6912
|
+
# configure more than one component for inspection. If you don't
|
6913
|
+
# configure any of the response inspection options, response inspection
|
6914
|
+
# is disabled.
|
6476
6915
|
#
|
6477
6916
|
# @!attribute [rw] status_code
|
6478
|
-
# Configures inspection of the response status code
|
6917
|
+
# Configures inspection of the response status code for success and
|
6918
|
+
# failure indicators.
|
6479
6919
|
# @return [Types::ResponseInspectionStatusCode]
|
6480
6920
|
#
|
6481
6921
|
# @!attribute [rw] header
|
6482
|
-
# Configures inspection of the response header
|
6922
|
+
# Configures inspection of the response header for success and failure
|
6923
|
+
# indicators.
|
6483
6924
|
# @return [Types::ResponseInspectionHeader]
|
6484
6925
|
#
|
6485
6926
|
# @!attribute [rw] body_contains
|
6486
|
-
# Configures inspection of the response body
|
6487
|
-
# first 65,536 bytes (64 KB) of the
|
6927
|
+
# Configures inspection of the response body for success and failure
|
6928
|
+
# indicators. WAF can inspect the first 65,536 bytes (64 KB) of the
|
6929
|
+
# response body.
|
6488
6930
|
# @return [Types::ResponseInspectionBodyContains]
|
6489
6931
|
#
|
6490
6932
|
# @!attribute [rw] json
|
6491
|
-
# Configures inspection of the response JSON
|
6492
|
-
# first 65,536 bytes (64 KB) of the
|
6933
|
+
# Configures inspection of the response JSON for success and failure
|
6934
|
+
# indicators. WAF can inspect the first 65,536 bytes (64 KB) of the
|
6935
|
+
# response JSON.
|
6493
6936
|
# @return [Types::ResponseInspectionJson]
|
6494
6937
|
#
|
6495
6938
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspection AWS API Documentation
|
@@ -6505,7 +6948,8 @@ module Aws::WAFV2
|
|
6505
6948
|
|
6506
6949
|
# Configures inspection of the response body. WAF can inspect the first
|
6507
6950
|
# 65,536 bytes (64 KB) of the response body. This is part of the
|
6508
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
6951
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
6952
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6509
6953
|
#
|
6510
6954
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6511
6955
|
# CloudFront distributions.
|
@@ -6514,21 +6958,23 @@ module Aws::WAFV2
|
|
6514
6958
|
#
|
6515
6959
|
# @!attribute [rw] success_strings
|
6516
6960
|
# Strings in the body of the response that indicate a successful login
|
6517
|
-
# attempt. To be counted as a
|
6518
|
-
# anywhere in the body and must be an exact match, including
|
6519
|
-
# Each string must be unique among the success and failure
|
6520
|
-
#
|
6521
|
-
#
|
6522
|
-
#
|
6961
|
+
# or account creation attempt. To be counted as a success, the string
|
6962
|
+
# can be anywhere in the body and must be an exact match, including
|
6963
|
+
# case. Each string must be unique among the success and failure
|
6964
|
+
# strings.
|
6965
|
+
#
|
6966
|
+
# JSON examples: `"SuccessStrings": [ "Login successful" ]` and
|
6967
|
+
# `"SuccessStrings": [ "Account creation successful", "Welcome to our
|
6968
|
+
# site!" ]`
|
6523
6969
|
# @return [Array<String>]
|
6524
6970
|
#
|
6525
6971
|
# @!attribute [rw] failure_strings
|
6526
|
-
# Strings in the body of the response that indicate a failed login
|
6527
|
-
# attempt. To be counted as a
|
6528
|
-
# in the body and must be an exact match, including case.
|
6529
|
-
# must be unique among the success and failure strings.
|
6972
|
+
# Strings in the body of the response that indicate a failed login or
|
6973
|
+
# account creation attempt. To be counted as a failure, the string can
|
6974
|
+
# be anywhere in the body and must be an exact match, including case.
|
6975
|
+
# Each string must be unique among the success and failure strings.
|
6530
6976
|
#
|
6531
|
-
# JSON example: `"FailureStrings": [ "
|
6977
|
+
# JSON example: `"FailureStrings": [ "Request failed" ]`
|
6532
6978
|
# @return [Array<String>]
|
6533
6979
|
#
|
6534
6980
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionBodyContains AWS API Documentation
|
@@ -6541,7 +6987,8 @@ module Aws::WAFV2
|
|
6541
6987
|
end
|
6542
6988
|
|
6543
6989
|
# Configures inspection of the response header. This is part of the
|
6544
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
6990
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
6991
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6545
6992
|
#
|
6546
6993
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6547
6994
|
# CloudFront distributions.
|
@@ -6552,26 +6999,28 @@ module Aws::WAFV2
|
|
6552
6999
|
# The name of the header to match against. The name must be an exact
|
6553
7000
|
# match, including case.
|
6554
7001
|
#
|
6555
|
-
# JSON example: `"Name": [ "
|
7002
|
+
# JSON example: `"Name": [ "RequestResult" ]`
|
6556
7003
|
# @return [String]
|
6557
7004
|
#
|
6558
7005
|
# @!attribute [rw] success_values
|
6559
7006
|
# Values in the response header with the specified name that indicate
|
6560
|
-
# a successful login attempt. To be counted as a
|
6561
|
-
# value must be an exact match, including case. Each
|
6562
|
-
# unique among the success and failure values.
|
7007
|
+
# a successful login or account creation attempt. To be counted as a
|
7008
|
+
# success, the value must be an exact match, including case. Each
|
7009
|
+
# value must be unique among the success and failure values.
|
6563
7010
|
#
|
6564
|
-
# JSON
|
6565
|
-
# ]`
|
7011
|
+
# JSON examples: `"SuccessValues": [ "LoginPassed", "Successful login"
|
7012
|
+
# ]` and `"SuccessValues": [ "AccountCreated", "Successful account
|
7013
|
+
# creation" ]`
|
6566
7014
|
# @return [Array<String>]
|
6567
7015
|
#
|
6568
7016
|
# @!attribute [rw] failure_values
|
6569
7017
|
# Values in the response header with the specified name that indicate
|
6570
|
-
# a failed login attempt. To be counted as a
|
6571
|
-
# must be an exact match, including case. Each
|
6572
|
-
# among the success and failure values.
|
7018
|
+
# a failed login or account creation attempt. To be counted as a
|
7019
|
+
# failure, the value must be an exact match, including case. Each
|
7020
|
+
# value must be unique among the success and failure values.
|
6573
7021
|
#
|
6574
|
-
# JSON
|
7022
|
+
# JSON examples: `"FailureValues": [ "LoginFailed", "Failed login" ]`
|
7023
|
+
# and `"FailureValues": [ "AccountCreationFailed" ]`
|
6575
7024
|
# @return [Array<String>]
|
6576
7025
|
#
|
6577
7026
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspectionHeader AWS API Documentation
|
@@ -6586,7 +7035,8 @@ module Aws::WAFV2
|
|
6586
7035
|
|
6587
7036
|
# Configures inspection of the response JSON. WAF can inspect the first
|
6588
7037
|
# 65,536 bytes (64 KB) of the response JSON. This is part of the
|
6589
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
7038
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
7039
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6590
7040
|
#
|
6591
7041
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6592
7042
|
# CloudFront distributions.
|
@@ -6597,23 +7047,25 @@ module Aws::WAFV2
|
|
6597
7047
|
# The identifier for the value to match against in the JSON. The
|
6598
7048
|
# identifier must be an exact match, including case.
|
6599
7049
|
#
|
6600
|
-
# JSON
|
7050
|
+
# JSON examples: `"Identifier": [ "/login/success" ]` and
|
7051
|
+
# `"Identifier": [ "/sign-up/success" ]`
|
6601
7052
|
# @return [String]
|
6602
7053
|
#
|
6603
7054
|
# @!attribute [rw] success_values
|
6604
7055
|
# Values for the specified identifier in the response JSON that
|
6605
|
-
# indicate a successful login attempt. To be
|
6606
|
-
#
|
6607
|
-
# must be unique among the success and failure
|
7056
|
+
# indicate a successful login or account creation attempt. To be
|
7057
|
+
# counted as a success, the value must be an exact match, including
|
7058
|
+
# case. Each value must be unique among the success and failure
|
7059
|
+
# values.
|
6608
7060
|
#
|
6609
7061
|
# JSON example: `"SuccessValues": [ "True", "Succeeded" ]`
|
6610
7062
|
# @return [Array<String>]
|
6611
7063
|
#
|
6612
7064
|
# @!attribute [rw] failure_values
|
6613
7065
|
# Values for the specified identifier in the response JSON that
|
6614
|
-
# indicate a failed login attempt. To be counted
|
6615
|
-
# the value must be an exact match, including case. Each
|
6616
|
-
# unique among the success and failure values.
|
7066
|
+
# indicate a failed login or account creation attempt. To be counted
|
7067
|
+
# as a failure, the value must be an exact match, including case. Each
|
7068
|
+
# value must be unique among the success and failure values.
|
6617
7069
|
#
|
6618
7070
|
# JSON example: `"FailureValues": [ "False", "Failed" ]`
|
6619
7071
|
# @return [Array<String>]
|
@@ -6629,7 +7081,8 @@ module Aws::WAFV2
|
|
6629
7081
|
end
|
6630
7082
|
|
6631
7083
|
# Configures inspection of the response status code. This is part of the
|
6632
|
-
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet
|
7084
|
+
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and
|
7085
|
+
# `AWSManagedRulesACFPRuleSet`.
|
6633
7086
|
#
|
6634
7087
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
6635
7088
|
# CloudFront distributions.
|
@@ -6637,19 +7090,19 @@ module Aws::WAFV2
|
|
6637
7090
|
# </note>
|
6638
7091
|
#
|
6639
7092
|
# @!attribute [rw] success_codes
|
6640
|
-
# Status codes in the response that indicate a successful login
|
6641
|
-
# attempt. To be counted as a
|
6642
|
-
# code must match one of these. Each code must be unique among
|
6643
|
-
# success and failure status codes.
|
7093
|
+
# Status codes in the response that indicate a successful login or
|
7094
|
+
# account creation attempt. To be counted as a success, the response
|
7095
|
+
# status code must match one of these. Each code must be unique among
|
7096
|
+
# the success and failure status codes.
|
6644
7097
|
#
|
6645
7098
|
# JSON example: `"SuccessCodes": [ 200, 201 ]`
|
6646
7099
|
# @return [Array<Integer>]
|
6647
7100
|
#
|
6648
7101
|
# @!attribute [rw] failure_codes
|
6649
|
-
# Status codes in the response that indicate a failed login
|
6650
|
-
# To be counted as a
|
6651
|
-
# one of these. Each code must be unique among the
|
6652
|
-
# status codes.
|
7102
|
+
# Status codes in the response that indicate a failed login or account
|
7103
|
+
# creation attempt. To be counted as a failure, the response status
|
7104
|
+
# code must match one of these. Each code must be unique among the
|
7105
|
+
# success and failure status codes.
|
6653
7106
|
#
|
6654
7107
|
# JSON example: `"FailureCodes": [ 400, 404 ]`
|
6655
7108
|
# @return [Array<Integer>]
|
@@ -7580,9 +8033,11 @@ module Aws::WAFV2
|
|
7580
8033
|
# as a top-level statement within a rule.
|
7581
8034
|
#
|
7582
8035
|
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
7583
|
-
# managed rule group `AWSManagedRulesBotControlRuleSet
|
7584
|
-
#
|
7585
|
-
# `AWSManagedRulesATPRuleSet
|
8036
|
+
# managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
|
8037
|
+
# Control account takeover prevention (ATP) managed rule group
|
8038
|
+
# `AWSManagedRulesATPRuleSet`, or the WAF Fraud Control account
|
8039
|
+
# creation fraud prevention (ACFP) managed rule group
|
8040
|
+
# `AWSManagedRulesACFPRuleSet`. For more information, see [WAF
|
7586
8041
|
# Pricing][1].
|
7587
8042
|
#
|
7588
8043
|
# </note>
|
@@ -8501,12 +8956,34 @@ module Aws::WAFV2
|
|
8501
8956
|
#
|
8502
8957
|
class UriPath < Aws::EmptyStructure; end
|
8503
8958
|
|
8504
|
-
#
|
8505
|
-
#
|
8506
|
-
#
|
8959
|
+
# The name of the field in the request payload that contains your
|
8960
|
+
# customer's username.
|
8961
|
+
#
|
8962
|
+
# This data type is used in the `RequestInspection` and
|
8963
|
+
# `RequestInspectionACFP` data types.
|
8507
8964
|
#
|
8508
8965
|
# @!attribute [rw] identifier
|
8509
|
-
# The name of the username field.
|
8966
|
+
# The name of the username field.
|
8967
|
+
#
|
8968
|
+
# How you specify this depends on the request inspection payload type.
|
8969
|
+
#
|
8970
|
+
# * For JSON payloads, specify the field name in JSON pointer syntax.
|
8971
|
+
# For information about the JSON Pointer syntax, see the Internet
|
8972
|
+
# Engineering Task Force (IETF) documentation [JavaScript Object
|
8973
|
+
# Notation (JSON) Pointer][1].
|
8974
|
+
#
|
8975
|
+
# For example, for the JSON payload `\{ "form": \{ "username":
|
8976
|
+
# "THE_USERNAME" \} \}`, the username field specification is
|
8977
|
+
# `/form/username`.
|
8978
|
+
#
|
8979
|
+
# * For form encoded payload types, use the HTML form names.
|
8980
|
+
#
|
8981
|
+
# For example, for an HTML form with the input element named
|
8982
|
+
# `username1`, the username field specification is `username1`
|
8983
|
+
#
|
8984
|
+
#
|
8985
|
+
#
|
8986
|
+
# [1]: https://tools.ietf.org/html/rfc6901
|
8510
8987
|
# @return [String]
|
8511
8988
|
#
|
8512
8989
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UsernameField AWS API Documentation
|