aws-sdk-wafv2 1.67.0 → 1.69.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +169 -59
- data/lib/aws-sdk-wafv2/client_api.rb +6 -0
- data/lib/aws-sdk-wafv2/types.rb +221 -244
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -60,8 +60,13 @@ module Aws::WAFV2
|
|
60
60
|
# is the page on your website that accepts the completed registration
|
61
61
|
# form for a new user. This page must accept `POST` requests.
|
62
62
|
#
|
63
|
-
# For example, for the URL `https://example.com/web/
|
64
|
-
# provide the path `/web/
|
63
|
+
# For example, for the URL `https://example.com/web/newaccount`, you
|
64
|
+
# would provide the path `/web/newaccount`. Account creation page
|
65
|
+
# paths that start with the path that you provide are considered a
|
66
|
+
# match. For example `/web/newaccount` matches the account creation
|
67
|
+
# paths `/web/newaccount`, `/web/newaccount/`, `/web/newaccountPage`,
|
68
|
+
# and `/web/newaccount/thisPage`, but doesn't match the path
|
69
|
+
# `/home/web/newaccount` or `/website/newaccount`.
|
65
70
|
# @return [String]
|
66
71
|
#
|
67
72
|
# @!attribute [rw] registration_page_path
|
@@ -73,8 +78,13 @@ module Aws::WAFV2
|
|
73
78
|
#
|
74
79
|
# </note>
|
75
80
|
#
|
76
|
-
# For example, for the URL `https://example.com/web/
|
77
|
-
# would provide the path `/web/
|
81
|
+
# For example, for the URL `https://example.com/web/registration`, you
|
82
|
+
# would provide the path `/web/registration`. Registration page paths
|
83
|
+
# that start with the path that you provide are considered a match.
|
84
|
+
# For example `/web/registration` matches the registration paths
|
85
|
+
# `/web/registration`, `/web/registration/`, `/web/registrationPage`,
|
86
|
+
# and `/web/registration/thisPage`, but doesn't match the path
|
87
|
+
# `/home/web/registration` or `/website/registration`.
|
78
88
|
# @return [String]
|
79
89
|
#
|
80
90
|
# @!attribute [rw] request_inspection
|
@@ -124,7 +134,11 @@ module Aws::WAFV2
|
|
124
134
|
# @!attribute [rw] login_path
|
125
135
|
# The path of the login endpoint for your application. For example,
|
126
136
|
# for the URL `https://example.com/web/login`, you would provide the
|
127
|
-
# path `/web/login`.
|
137
|
+
# path `/web/login`. Login paths that start with the path that you
|
138
|
+
# provide are considered a match. For example `/web/login` matches the
|
139
|
+
# login paths `/web/login`, `/web/login/`, `/web/loginPage`, and
|
140
|
+
# `/web/login/thisPage`, but doesn't match the login path
|
141
|
+
# `/home/web/login` or `/website/login`.
|
128
142
|
#
|
129
143
|
# The rule group inspects only HTTP `POST` requests to your specified
|
130
144
|
# login endpoint.
|
@@ -183,10 +197,31 @@ module Aws::WAFV2
|
|
183
197
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
|
184
198
|
# @return [String]
|
185
199
|
#
|
200
|
+
# @!attribute [rw] enable_machine_learning
|
201
|
+
# Applies only to the targeted inspection level.
|
202
|
+
#
|
203
|
+
# Determines whether to use machine learning (ML) to analyze your web
|
204
|
+
# traffic for bot-related activity. Machine learning is required for
|
205
|
+
# the Bot Control rules `TGT_ML_CoordinatedActivityLow` and
|
206
|
+
# `TGT_ML_CoordinatedActivityMedium`, which inspect for anomalous
|
207
|
+
# behavior that might indicate distributed, coordinated bot activity.
|
208
|
+
#
|
209
|
+
# For more information about this choice, see the listing for these
|
210
|
+
# rules in the table at [Bot Control rules listing][1] in the *WAF
|
211
|
+
# Developer Guide*.
|
212
|
+
#
|
213
|
+
# Default: `TRUE`
|
214
|
+
#
|
215
|
+
#
|
216
|
+
#
|
217
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html#aws-managed-rule-groups-bot-rules
|
218
|
+
# @return [Boolean]
|
219
|
+
#
|
186
220
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesBotControlRuleSet AWS API Documentation
|
187
221
|
#
|
188
222
|
class AWSManagedRulesBotControlRuleSet < Struct.new(
|
189
|
-
:inspection_level
|
223
|
+
:inspection_level,
|
224
|
+
:enable_machine_learning)
|
190
225
|
SENSITIVE = []
|
191
226
|
include Aws::Structure
|
192
227
|
end
|
@@ -379,7 +414,7 @@ module Aws::WAFV2
|
|
379
414
|
#
|
380
415
|
# Use this to customize the maximum size of the request body that your
|
381
416
|
# protected CloudFront distributions forward to WAF for inspection. The
|
382
|
-
# default is 16 KB (16,384
|
417
|
+
# default is 16 KB (16,384 bytes).
|
383
418
|
#
|
384
419
|
# <note markdown="1"> You are charged additional fees when your protected resources forward
|
385
420
|
# body sizes that are larger than the default. For more information, see
|
@@ -394,7 +429,7 @@ module Aws::WAFV2
|
|
394
429
|
# @!attribute [rw] request_body
|
395
430
|
# Customizes the maximum size of the request body that your protected
|
396
431
|
# CloudFront distributions forward to WAF for inspection. The default
|
397
|
-
# size is 16 KB (16,384
|
432
|
+
# size is 16 KB (16,384 bytes).
|
398
433
|
#
|
399
434
|
# <note markdown="1"> You are charged additional fees when your protected resources
|
400
435
|
# forward body sizes that are larger than the default. For more
|
@@ -455,9 +490,9 @@ module Aws::WAFV2
|
|
455
490
|
# forwards the contents that are below the limit to WAF for
|
456
491
|
# inspection.
|
457
492
|
#
|
458
|
-
# The default limit is 8 KB (8,192
|
459
|
-
#
|
460
|
-
#
|
493
|
+
# The default limit is 8 KB (8,192 bytes) for regional resources and
|
494
|
+
# 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront
|
495
|
+
# distributions, you can increase the limit in the web ACL
|
461
496
|
# `AssociationConfig`, for additional processing fees.
|
462
497
|
#
|
463
498
|
# The options for oversize handling are the following:
|
@@ -507,6 +542,10 @@ module Aws::WAFV2
|
|
507
542
|
# * `UriPath`: The value that you want WAF to search for in the URI
|
508
543
|
# path, for example, `/images/daily-ad.jpg`.
|
509
544
|
#
|
545
|
+
# * `JA3Fingerprint`: The string to match against the web request's
|
546
|
+
# JA3 fingerprint header. The header contains a hash fingerprint of
|
547
|
+
# the TLS Client Hello packet for the request.
|
548
|
+
#
|
510
549
|
# * `HeaderOrder`: The comma-separated list of header names to match
|
511
550
|
# for. WAF creates a string that contains the ordered list of header
|
512
551
|
# names, from the headers in the web request, and then matches
|
@@ -545,7 +584,7 @@ module Aws::WAFV2
|
|
545
584
|
# before using them as custom aggregation keys. If you specify one or
|
546
585
|
# more transformations to apply, WAF performs all transformations on
|
547
586
|
# the specified content, starting from the lowest priority setting,
|
548
|
-
# and then uses the component contents.
|
587
|
+
# and then uses the transformed component contents.
|
549
588
|
# @return [Array<Types::TextTransformation>]
|
550
589
|
#
|
551
590
|
# @!attribute [rw] positional_constraint
|
@@ -1064,27 +1103,24 @@ module Aws::WAFV2
|
|
1064
1103
|
#
|
1065
1104
|
# @!attribute [rw] addresses
|
1066
1105
|
# Contains an array of strings that specifies zero or more IP
|
1067
|
-
# addresses or blocks of IP addresses
|
1068
|
-
#
|
1069
|
-
#
|
1106
|
+
# addresses or blocks of IP addresses that you want WAF to inspect for
|
1107
|
+
# in incoming requests. All addresses must be specified using
|
1108
|
+
# Classless Inter-Domain Routing (CIDR) notation. WAF supports all
|
1109
|
+
# IPv4 and IPv6 CIDR ranges except for `/0`.
|
1070
1110
|
#
|
1071
1111
|
# Example address strings:
|
1072
1112
|
#
|
1073
|
-
# *
|
1074
|
-
#
|
1075
|
-
# `192.0.2.44/32`.
|
1113
|
+
# * For requests that originated from the IP address 192.0.2.44,
|
1114
|
+
# specify `192.0.2.44/32`.
|
1076
1115
|
#
|
1077
|
-
# *
|
1078
|
-
#
|
1079
|
-
# specify `192.0.2.0/24`.
|
1116
|
+
# * For requests that originated from IP addresses from 192.0.2.0 to
|
1117
|
+
# 192.0.2.255, specify `192.0.2.0/24`.
|
1080
1118
|
#
|
1081
|
-
# *
|
1082
|
-
# originated from the IP address
|
1119
|
+
# * For requests that originated from the IP address
|
1083
1120
|
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
1084
1121
|
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
1085
1122
|
#
|
1086
|
-
# *
|
1087
|
-
# originated from IP addresses
|
1123
|
+
# * For requests that originated from IP addresses
|
1088
1124
|
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
1089
1125
|
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
1090
1126
|
# `1111:0000:0000:0000:0000:0000:0000:0000/64`.
|
@@ -1251,9 +1287,9 @@ module Aws::WAFV2
|
|
1251
1287
|
#
|
1252
1288
|
# @!attribute [rw] rules
|
1253
1289
|
# The Rule statements used to identify the web requests that you want
|
1254
|
-
# to
|
1255
|
-
#
|
1256
|
-
#
|
1290
|
+
# to manage. Each rule includes one top-level statement that WAF uses
|
1291
|
+
# to identify matching web requests, and parameters that govern how
|
1292
|
+
# WAF handles them.
|
1257
1293
|
# @return [Array<Types::Rule>]
|
1258
1294
|
#
|
1259
1295
|
# @!attribute [rw] visibility_config
|
@@ -1348,9 +1384,9 @@ module Aws::WAFV2
|
|
1348
1384
|
#
|
1349
1385
|
# @!attribute [rw] rules
|
1350
1386
|
# The Rule statements used to identify the web requests that you want
|
1351
|
-
# to
|
1352
|
-
#
|
1353
|
-
#
|
1387
|
+
# to manage. Each rule includes one top-level statement that WAF uses
|
1388
|
+
# to identify matching web requests, and parameters that govern how
|
1389
|
+
# WAF handles them.
|
1354
1390
|
# @return [Array<Types::Rule>]
|
1355
1391
|
#
|
1356
1392
|
# @!attribute [rw] visibility_config
|
@@ -1417,7 +1453,7 @@ module Aws::WAFV2
|
|
1417
1453
|
#
|
1418
1454
|
# Use this to customize the maximum size of the request body that your
|
1419
1455
|
# protected CloudFront distributions forward to WAF for inspection.
|
1420
|
-
# The default is 16 KB (16,384
|
1456
|
+
# The default is 16 KB (16,384 bytes).
|
1421
1457
|
#
|
1422
1458
|
# <note markdown="1"> You are charged additional fees when your protected resources
|
1423
1459
|
# forward body sizes that are larger than the default. For more
|
@@ -1560,8 +1596,9 @@ module Aws::WAFV2
|
|
1560
1596
|
# @return [String]
|
1561
1597
|
#
|
1562
1598
|
# @!attribute [rw] response_headers
|
1563
|
-
# The HTTP headers to use in the response.
|
1564
|
-
# not
|
1599
|
+
# The HTTP headers to use in the response. You can specify any header
|
1600
|
+
# name except for `content-type`. Duplicate header names are not
|
1601
|
+
# allowed.
|
1565
1602
|
#
|
1566
1603
|
# For information about the limits on count and size for custom
|
1567
1604
|
# request and response settings, see [WAF quotas][1] in the *WAF
|
@@ -2293,10 +2330,10 @@ module Aws::WAFV2
|
|
2293
2330
|
#
|
2294
2331
|
# A limited amount of the request body is forwarded to WAF for
|
2295
2332
|
# inspection by the underlying host service. For regional resources,
|
2296
|
-
# the limit is 8 KB (8,192
|
2297
|
-
#
|
2298
|
-
#
|
2299
|
-
#
|
2333
|
+
# the limit is 8 KB (8,192 bytes) and for CloudFront distributions,
|
2334
|
+
# the limit is 16 KB (16,384 bytes). For CloudFront distributions, you
|
2335
|
+
# can increase the limit in the web ACL's `AssociationConfig`, for
|
2336
|
+
# additional processing fees.
|
2300
2337
|
#
|
2301
2338
|
# For information about how to handle oversized request bodies, see
|
2302
2339
|
# the `Body` object configuration.
|
@@ -2315,10 +2352,10 @@ module Aws::WAFV2
|
|
2315
2352
|
#
|
2316
2353
|
# A limited amount of the request body is forwarded to WAF for
|
2317
2354
|
# inspection by the underlying host service. For regional resources,
|
2318
|
-
# the limit is 8 KB (8,192
|
2319
|
-
#
|
2320
|
-
#
|
2321
|
-
#
|
2355
|
+
# the limit is 8 KB (8,192 bytes) and for CloudFront distributions,
|
2356
|
+
# the limit is 16 KB (16,384 bytes). For CloudFront distributions, you
|
2357
|
+
# can increase the limit in the web ACL's `AssociationConfig`, for
|
2358
|
+
# additional processing fees.
|
2322
2359
|
#
|
2323
2360
|
# For information about how to handle oversized request bodies, see
|
2324
2361
|
# the `JsonBody` object configuration.
|
@@ -2359,6 +2396,18 @@ module Aws::WAFV2
|
|
2359
2396
|
# `host:user-agent:accept:authorization:referer`.
|
2360
2397
|
# @return [Types::HeaderOrder]
|
2361
2398
|
#
|
2399
|
+
# @!attribute [rw] ja3_fingerprint
|
2400
|
+
# Match against the request's JA3 fingerprint header. The header
|
2401
|
+
# contains a hash fingerprint of the TLS Client Hello packet for the
|
2402
|
+
# request.
|
2403
|
+
#
|
2404
|
+
# <note markdown="1"> You can use this choice only with a string match
|
2405
|
+
# `ByteMatchStatement` with the `PositionalConstraint` set to
|
2406
|
+
# `EXACTLY`.
|
2407
|
+
#
|
2408
|
+
# </note>
|
2409
|
+
# @return [Types::JA3Fingerprint]
|
2410
|
+
#
|
2362
2411
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FieldToMatch AWS API Documentation
|
2363
2412
|
#
|
2364
2413
|
class FieldToMatch < Struct.new(
|
@@ -2372,7 +2421,8 @@ module Aws::WAFV2
|
|
2372
2421
|
:json_body,
|
2373
2422
|
:headers,
|
2374
2423
|
:cookies,
|
2375
|
-
:header_order
|
2424
|
+
:header_order,
|
2425
|
+
:ja3_fingerprint)
|
2376
2426
|
SENSITIVE = []
|
2377
2427
|
include Aws::Structure
|
2378
2428
|
end
|
@@ -3552,27 +3602,24 @@ module Aws::WAFV2
|
|
3552
3602
|
#
|
3553
3603
|
# @!attribute [rw] addresses
|
3554
3604
|
# Contains an array of strings that specifies zero or more IP
|
3555
|
-
# addresses or blocks of IP addresses
|
3556
|
-
#
|
3557
|
-
#
|
3605
|
+
# addresses or blocks of IP addresses that you want WAF to inspect for
|
3606
|
+
# in incoming requests. All addresses must be specified using
|
3607
|
+
# Classless Inter-Domain Routing (CIDR) notation. WAF supports all
|
3608
|
+
# IPv4 and IPv6 CIDR ranges except for `/0`.
|
3558
3609
|
#
|
3559
3610
|
# Example address strings:
|
3560
3611
|
#
|
3561
|
-
# *
|
3562
|
-
#
|
3563
|
-
# `192.0.2.44/32`.
|
3612
|
+
# * For requests that originated from the IP address 192.0.2.44,
|
3613
|
+
# specify `192.0.2.44/32`.
|
3564
3614
|
#
|
3565
|
-
# *
|
3566
|
-
#
|
3567
|
-
# specify `192.0.2.0/24`.
|
3615
|
+
# * For requests that originated from IP addresses from 192.0.2.0 to
|
3616
|
+
# 192.0.2.255, specify `192.0.2.0/24`.
|
3568
3617
|
#
|
3569
|
-
# *
|
3570
|
-
# originated from the IP address
|
3618
|
+
# * For requests that originated from the IP address
|
3571
3619
|
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
3572
3620
|
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
3573
3621
|
#
|
3574
|
-
# *
|
3575
|
-
# originated from IP addresses
|
3622
|
+
# * For requests that originated from IP addresses
|
3576
3623
|
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
3577
3624
|
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
3578
3625
|
# `1111:0000:0000:0000:0000:0000:0000:0000/64`.
|
@@ -3785,6 +3832,36 @@ module Aws::WAFV2
|
|
3785
3832
|
include Aws::Structure
|
3786
3833
|
end
|
3787
3834
|
|
3835
|
+
# Match against the request's JA3 fingerprint header. The header
|
3836
|
+
# contains a hash fingerprint of the TLS Client Hello packet for the
|
3837
|
+
# request.
|
3838
|
+
#
|
3839
|
+
# <note markdown="1"> You can use this choice only with a string match `ByteMatchStatement`
|
3840
|
+
# with the `PositionalConstraint` set to `EXACTLY`.
|
3841
|
+
#
|
3842
|
+
# </note>
|
3843
|
+
#
|
3844
|
+
# @!attribute [rw] fallback_behavior
|
3845
|
+
# The match status to assign to the web request if the request
|
3846
|
+
# doesn't have a JA3 fingerprint.
|
3847
|
+
#
|
3848
|
+
# You can specify the following fallback behaviors:
|
3849
|
+
#
|
3850
|
+
# * `MATCH` - Treat the web request as matching the rule statement.
|
3851
|
+
# WAF applies the rule action to the request.
|
3852
|
+
#
|
3853
|
+
# * `NO_MATCH` - Treat the web request as not matching the rule
|
3854
|
+
# statement.
|
3855
|
+
# @return [String]
|
3856
|
+
#
|
3857
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/JA3Fingerprint AWS API Documentation
|
3858
|
+
#
|
3859
|
+
class JA3Fingerprint < Struct.new(
|
3860
|
+
:fallback_behavior)
|
3861
|
+
SENSITIVE = []
|
3862
|
+
include Aws::Structure
|
3863
|
+
end
|
3864
|
+
|
3788
3865
|
# Inspect the body of the web request as JSON. The body immediately
|
3789
3866
|
# follows the request headers.
|
3790
3867
|
#
|
@@ -3849,9 +3926,9 @@ module Aws::WAFV2
|
|
3849
3926
|
# forwards the contents that are below the limit to WAF for
|
3850
3927
|
# inspection.
|
3851
3928
|
#
|
3852
|
-
# The default limit is 8 KB (8,192
|
3853
|
-
#
|
3854
|
-
#
|
3929
|
+
# The default limit is 8 KB (8,192 bytes) for regional resources and
|
3930
|
+
# 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront
|
3931
|
+
# distributions, you can increase the limit in the web ACL
|
3855
3932
|
# `AssociationConfig`, for additional processing fees.
|
3856
3933
|
#
|
3857
3934
|
# The options for oversize handling are the following:
|
@@ -5086,8 +5163,10 @@ module Aws::WAFV2
|
|
5086
5163
|
# calling ListAvailableManagedRuleGroups.
|
5087
5164
|
#
|
5088
5165
|
# You cannot nest a `ManagedRuleGroupStatement`, for example for use
|
5089
|
-
# inside a `NotStatement` or `OrStatement`.
|
5090
|
-
#
|
5166
|
+
# inside a `NotStatement` or `OrStatement`. You cannot use a managed
|
5167
|
+
# rule group inside another rule group. You can only reference a managed
|
5168
|
+
# rule group as a top-level statement within a rule that you define in a
|
5169
|
+
# web ACL.
|
5091
5170
|
#
|
5092
5171
|
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
5093
5172
|
# managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
|
@@ -6232,7 +6311,7 @@ module Aws::WAFV2
|
|
6232
6311
|
# before using them as custom aggregation keys. If you specify one or
|
6233
6312
|
# more transformations to apply, WAF performs all transformations on
|
6234
6313
|
# the specified content, starting from the lowest priority setting,
|
6235
|
-
# and then uses the component contents.
|
6314
|
+
# and then uses the transformed component contents.
|
6236
6315
|
# @return [Array<Types::TextTransformation>]
|
6237
6316
|
#
|
6238
6317
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitCookie AWS API Documentation
|
@@ -6302,7 +6381,7 @@ module Aws::WAFV2
|
|
6302
6381
|
# before using them as custom aggregation keys. If you specify one or
|
6303
6382
|
# more transformations to apply, WAF performs all transformations on
|
6304
6383
|
# the specified content, starting from the lowest priority setting,
|
6305
|
-
# and then uses the component contents.
|
6384
|
+
# and then uses the transformed component contents.
|
6306
6385
|
# @return [Array<Types::TextTransformation>]
|
6307
6386
|
#
|
6308
6387
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitHeader AWS API Documentation
|
@@ -6379,7 +6458,7 @@ module Aws::WAFV2
|
|
6379
6458
|
# before using them as custom aggregation keys. If you specify one or
|
6380
6459
|
# more transformations to apply, WAF performs all transformations on
|
6381
6460
|
# the specified content, starting from the lowest priority setting,
|
6382
|
-
# and then uses the component contents.
|
6461
|
+
# and then uses the transformed component contents.
|
6383
6462
|
# @return [Array<Types::TextTransformation>]
|
6384
6463
|
#
|
6385
6464
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitQueryArgument AWS API Documentation
|
@@ -6405,7 +6484,7 @@ module Aws::WAFV2
|
|
6405
6484
|
# before using them as custom aggregation keys. If you specify one or
|
6406
6485
|
# more transformations to apply, WAF performs all transformations on
|
6407
6486
|
# the specified content, starting from the lowest priority setting,
|
6408
|
-
# and then uses the component contents.
|
6487
|
+
# and then uses the transformed component contents.
|
6409
6488
|
# @return [Array<Types::TextTransformation>]
|
6410
6489
|
#
|
6411
6490
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitQueryString AWS API Documentation
|
@@ -6430,7 +6509,7 @@ module Aws::WAFV2
|
|
6430
6509
|
# before using them as custom aggregation keys. If you specify one or
|
6431
6510
|
# more transformations to apply, WAF performs all transformations on
|
6432
6511
|
# the specified content, starting from the lowest priority setting,
|
6433
|
-
# and then uses the component contents.
|
6512
|
+
# and then uses the transformed component contents.
|
6434
6513
|
# @return [Array<Types::TextTransformation>]
|
6435
6514
|
#
|
6436
6515
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitUriPath AWS API Documentation
|
@@ -6475,7 +6554,7 @@ module Aws::WAFV2
|
|
6475
6554
|
# before using them as custom aggregation keys. If you specify one or
|
6476
6555
|
# more transformations to apply, WAF performs all transformations on
|
6477
6556
|
# the specified content, starting from the lowest priority setting,
|
6478
|
-
# and then uses the component contents.
|
6557
|
+
# and then uses the transformed component contents.
|
6479
6558
|
# @return [Array<Types::TextTransformation>]
|
6480
6559
|
#
|
6481
6560
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
|
@@ -6559,7 +6638,7 @@ module Aws::WAFV2
|
|
6559
6638
|
# before using them as custom aggregation keys. If you specify one or
|
6560
6639
|
# more transformations to apply, WAF performs all transformations on
|
6561
6640
|
# the specified content, starting from the lowest priority setting,
|
6562
|
-
# and then uses the component contents.
|
6641
|
+
# and then uses the transformed component contents.
|
6563
6642
|
# @return [Array<Types::TextTransformation>]
|
6564
6643
|
#
|
6565
6644
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexPatternSetReferenceStatement AWS API Documentation
|
@@ -6642,7 +6721,7 @@ module Aws::WAFV2
|
|
6642
6721
|
|
6643
6722
|
# Customizes the maximum size of the request body that your protected
|
6644
6723
|
# CloudFront distributions forward to WAF for inspection. The default
|
6645
|
-
# size is 16 KB (16,384
|
6724
|
+
# size is 16 KB (16,384 bytes).
|
6646
6725
|
#
|
6647
6726
|
# <note markdown="1"> You are charged additional fees when your protected resources forward
|
6648
6727
|
# body sizes that are larger than the default. For more information, see
|
@@ -6662,7 +6741,7 @@ module Aws::WAFV2
|
|
6662
6741
|
# inspection. This applies to statements in the web ACL that inspect
|
6663
6742
|
# the body or JSON body.
|
6664
6743
|
#
|
6665
|
-
# Default: `16 KB (16,384
|
6744
|
+
# Default: `16 KB (16,384 bytes)`
|
6666
6745
|
# @return [String]
|
6667
6746
|
#
|
6668
6747
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
|
@@ -7150,13 +7229,17 @@ module Aws::WAFV2
|
|
7150
7229
|
end
|
7151
7230
|
|
7152
7231
|
# A single rule, which you can use in a WebACL or RuleGroup to identify
|
7153
|
-
# web requests that you want to
|
7154
|
-
#
|
7155
|
-
#
|
7232
|
+
# web requests that you want to manage in some way. Each rule includes
|
7233
|
+
# one top-level Statement that WAF uses to identify matching web
|
7234
|
+
# requests, and parameters that govern how WAF handles them.
|
7156
7235
|
#
|
7157
7236
|
# @!attribute [rw] name
|
7158
|
-
# The name of the rule.
|
7159
|
-
#
|
7237
|
+
# The name of the rule.
|
7238
|
+
#
|
7239
|
+
# If you change the name of a `Rule` after you create it and you want
|
7240
|
+
# the rule's metric name to reflect the change, update the metric
|
7241
|
+
# name in the rule's `VisibilityConfig` settings. WAF doesn't
|
7242
|
+
# automatically update the metric name when you update the rule name.
|
7160
7243
|
# @return [String]
|
7161
7244
|
#
|
7162
7245
|
# @!attribute [rw] priority
|
@@ -7239,6 +7322,10 @@ module Aws::WAFV2
|
|
7239
7322
|
# @!attribute [rw] visibility_config
|
7240
7323
|
# Defines and enables Amazon CloudWatch metrics and web request sample
|
7241
7324
|
# collection.
|
7325
|
+
#
|
7326
|
+
# If you change the name of a `Rule` after you create it and you want
|
7327
|
+
# the rule's metric name to reflect the change, update the metric
|
7328
|
+
# name as well. WAF doesn't automatically update the metric name.
|
7242
7329
|
# @return [Types::VisibilityConfig]
|
7243
7330
|
#
|
7244
7331
|
# @!attribute [rw] captcha_config
|
@@ -7384,9 +7471,9 @@ module Aws::WAFV2
|
|
7384
7471
|
#
|
7385
7472
|
# @!attribute [rw] rules
|
7386
7473
|
# The Rule statements used to identify the web requests that you want
|
7387
|
-
# to
|
7388
|
-
#
|
7389
|
-
#
|
7474
|
+
# to manage. Each rule includes one top-level statement that WAF uses
|
7475
|
+
# to identify matching web requests, and parameters that govern how
|
7476
|
+
# WAF handles them.
|
7390
7477
|
# @return [Array<Types::Rule>]
|
7391
7478
|
#
|
7392
7479
|
# @!attribute [rw] visibility_config
|
@@ -7467,8 +7554,10 @@ module Aws::WAFV2
|
|
7467
7554
|
# provide the ARN of the rule group in this statement.
|
7468
7555
|
#
|
7469
7556
|
# You cannot nest a `RuleGroupReferenceStatement`, for example for use
|
7470
|
-
# inside a `NotStatement` or `OrStatement`. You
|
7471
|
-
#
|
7557
|
+
# inside a `NotStatement` or `OrStatement`. You cannot use a rule group
|
7558
|
+
# reference statement inside another rule group. You can only reference
|
7559
|
+
# a rule group as a top-level statement within a rule that you define in
|
7560
|
+
# a web ACL.
|
7472
7561
|
#
|
7473
7562
|
# @!attribute [rw] arn
|
7474
7563
|
# The Amazon Resource Name (ARN) of the entity.
|
@@ -7716,9 +7805,9 @@ module Aws::WAFV2
|
|
7716
7805
|
#
|
7717
7806
|
# If you configure WAF to inspect the request body, WAF inspects only
|
7718
7807
|
# the number of bytes of the body up to the limit for the web ACL. By
|
7719
|
-
# default, for regional web ACLs, this limit is 8 KB (8,192
|
7720
|
-
#
|
7721
|
-
#
|
7808
|
+
# default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and
|
7809
|
+
# for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For
|
7810
|
+
# CloudFront web ACLs, you can increase the limit in the web ACL
|
7722
7811
|
# `AssociationConfig`, for additional fees. If you know that the request
|
7723
7812
|
# body for your web requests should never exceed the inspection limit,
|
7724
7813
|
# you could use a size constraint statement to block requests that have
|
@@ -7750,7 +7839,7 @@ module Aws::WAFV2
|
|
7750
7839
|
# before using them as custom aggregation keys. If you specify one or
|
7751
7840
|
# more transformations to apply, WAF performs all transformations on
|
7752
7841
|
# the specified content, starting from the lowest priority setting,
|
7753
|
-
# and then uses the component contents.
|
7842
|
+
# and then uses the transformed component contents.
|
7754
7843
|
# @return [Array<Types::TextTransformation>]
|
7755
7844
|
#
|
7756
7845
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SizeConstraintStatement AWS API Documentation
|
@@ -7781,7 +7870,7 @@ module Aws::WAFV2
|
|
7781
7870
|
# before using them as custom aggregation keys. If you specify one or
|
7782
7871
|
# more transformations to apply, WAF performs all transformations on
|
7783
7872
|
# the specified content, starting from the lowest priority setting,
|
7784
|
-
# and then uses the component contents.
|
7873
|
+
# and then uses the transformed component contents.
|
7785
7874
|
# @return [Array<Types::TextTransformation>]
|
7786
7875
|
#
|
7787
7876
|
# @!attribute [rw] sensitivity_level
|
@@ -7851,9 +7940,9 @@ module Aws::WAFV2
|
|
7851
7940
|
#
|
7852
7941
|
# If you configure WAF to inspect the request body, WAF inspects only
|
7853
7942
|
# the number of bytes of the body up to the limit for the web ACL. By
|
7854
|
-
# default, for regional web ACLs, this limit is 8 KB (8,192
|
7855
|
-
#
|
7856
|
-
#
|
7943
|
+
# default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and
|
7944
|
+
# for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For
|
7945
|
+
# CloudFront web ACLs, you can increase the limit in the web ACL
|
7857
7946
|
# `AssociationConfig`, for additional fees. If you know that the
|
7858
7947
|
# request body for your web requests should never exceed the
|
7859
7948
|
# inspection limit, you could use a size constraint statement to block
|
@@ -7908,8 +7997,10 @@ module Aws::WAFV2
|
|
7908
7997
|
# provide the ARN of the rule group in this statement.
|
7909
7998
|
#
|
7910
7999
|
# You cannot nest a `RuleGroupReferenceStatement`, for example for use
|
7911
|
-
# inside a `NotStatement` or `OrStatement`. You
|
7912
|
-
# group reference statement
|
8000
|
+
# inside a `NotStatement` or `OrStatement`. You cannot use a rule
|
8001
|
+
# group reference statement inside another rule group. You can only
|
8002
|
+
# reference a rule group as a top-level statement within a rule that
|
8003
|
+
# you define in a web ACL.
|
7913
8004
|
# @return [Types::RuleGroupReferenceStatement]
|
7914
8005
|
#
|
7915
8006
|
# @!attribute [rw] ip_set_reference_statement
|
@@ -8062,8 +8153,10 @@ module Aws::WAFV2
|
|
8062
8153
|
# calling ListAvailableManagedRuleGroups.
|
8063
8154
|
#
|
8064
8155
|
# You cannot nest a `ManagedRuleGroupStatement`, for example for use
|
8065
|
-
# inside a `NotStatement` or `OrStatement`.
|
8066
|
-
#
|
8156
|
+
# inside a `NotStatement` or `OrStatement`. You cannot use a managed
|
8157
|
+
# rule group inside another rule group. You can only reference a
|
8158
|
+
# managed rule group as a top-level statement within a rule that you
|
8159
|
+
# define in a web ACL.
|
8067
8160
|
#
|
8068
8161
|
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
8069
8162
|
# managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
|
@@ -8219,126 +8312,12 @@ module Aws::WAFV2
|
|
8219
8312
|
# @return [Integer]
|
8220
8313
|
#
|
8221
8314
|
# @!attribute [rw] type
|
8222
|
-
#
|
8223
|
-
#
|
8224
|
-
# **BASE64\_DECODE** - Decode a `Base64`-encoded string.
|
8225
|
-
#
|
8226
|
-
# **BASE64\_DECODE\_EXT** - Decode a `Base64`-encoded string, but use
|
8227
|
-
# a forgiving implementation that ignores characters that aren't
|
8228
|
-
# valid.
|
8229
|
-
#
|
8230
|
-
# **CMD\_LINE** - Command-line transformations. These are helpful in
|
8231
|
-
# reducing effectiveness of attackers who inject an operating system
|
8232
|
-
# command-line command and use unusual formatting to disguise some or
|
8233
|
-
# all of the command.
|
8234
|
-
#
|
8235
|
-
# * Delete the following characters: `\ " ' ^`
|
8236
|
-
#
|
8237
|
-
# * Delete spaces before the following characters: `/ (`
|
8238
|
-
#
|
8239
|
-
# * Replace the following characters with a space: `, ;`
|
8240
|
-
#
|
8241
|
-
# * Replace multiple spaces with one space
|
8242
|
-
#
|
8243
|
-
# * Convert uppercase letters (A-Z) to lowercase (a-z)
|
8244
|
-
#
|
8245
|
-
# **COMPRESS\_WHITE\_SPACE** - Replace these characters with a space
|
8246
|
-
# character (decimal 32):
|
8247
|
-
#
|
8248
|
-
# * `\f`, formfeed, decimal 12
|
8249
|
-
#
|
8250
|
-
# * `\t`, tab, decimal 9
|
8251
|
-
#
|
8252
|
-
# * `\n`, newline, decimal 10
|
8253
|
-
#
|
8254
|
-
# * `\r`, carriage return, decimal 13
|
8255
|
-
#
|
8256
|
-
# * `\v`, vertical tab, decimal 11
|
8257
|
-
#
|
8258
|
-
# * Non-breaking space, decimal 160
|
8259
|
-
#
|
8260
|
-
# `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
|
8261
|
-
#
|
8262
|
-
# **CSS\_DECODE** - Decode characters that were encoded using CSS 2.x
|
8263
|
-
# escape rules `syndata.html#characters`. This function uses up to two
|
8264
|
-
# bytes in the decoding process, so it can help to uncover ASCII
|
8265
|
-
# characters that were encoded using CSS encoding that wouldn’t
|
8266
|
-
# typically be encoded. It's also useful in countering evasion, which
|
8267
|
-
# is a combination of a backslash and non-hexadecimal characters. For
|
8268
|
-
# example, `ja\vascript` for javascript.
|
8269
|
-
#
|
8270
|
-
# **ESCAPE\_SEQ\_DECODE** - Decode the following ANSI C escape
|
8271
|
-
# sequences: `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`,
|
8272
|
-
# `'`, `"`, `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that
|
8273
|
-
# aren't valid remain in the output.
|
8274
|
-
#
|
8275
|
-
# **HEX\_DECODE** - Decode a string of hexadecimal characters into a
|
8276
|
-
# binary.
|
8277
|
-
#
|
8278
|
-
# **HTML\_ENTITY\_DECODE** - Replace HTML-encoded characters with
|
8279
|
-
# unencoded characters. `HTML_ENTITY_DECODE` performs these
|
8280
|
-
# operations:
|
8281
|
-
#
|
8282
|
-
# * Replaces `(ampersand)quot;` with `"`
|
8283
|
-
#
|
8284
|
-
# * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
|
8285
|
-
#
|
8286
|
-
# * Replaces `(ampersand)lt;` with a "less than" symbol
|
8287
|
-
#
|
8288
|
-
# * Replaces `(ampersand)gt;` with `>`
|
8289
|
-
#
|
8290
|
-
# * Replaces characters that are represented in hexadecimal format,
|
8291
|
-
# `(ampersand)#xhhhh;`, with the corresponding characters
|
8292
|
-
#
|
8293
|
-
# * Replaces characters that are represented in decimal format,
|
8294
|
-
# `(ampersand)#nnnn;`, with the corresponding characters
|
8295
|
-
#
|
8296
|
-
# **JS\_DECODE** - Decode JavaScript escape sequences. If a `` `u`
|
8297
|
-
# `HHHH` code is in the full-width ASCII code range of `FF01-FF5E`,
|
8298
|
-
# then the higher byte is used to detect and adjust the lower byte. If
|
8299
|
-
# not, only the lower byte is used and the higher byte is zeroed,
|
8300
|
-
# causing a possible loss of information.
|
8301
|
-
#
|
8302
|
-
# **LOWERCASE** - Convert uppercase letters (A-Z) to lowercase (a-z).
|
8303
|
-
#
|
8304
|
-
# **MD5** - Calculate an MD5 hash from the data in the input. The
|
8305
|
-
# computed hash is in a raw binary form.
|
8306
|
-
#
|
8307
|
-
# **NONE** - Specify `NONE` if you don't want any text
|
8308
|
-
# transformations.
|
8309
|
-
#
|
8310
|
-
# **NORMALIZE\_PATH** - Remove multiple slashes, directory
|
8311
|
-
# self-references, and directory back-references that are not at the
|
8312
|
-
# beginning of the input from an input string.
|
8313
|
-
#
|
8314
|
-
# **NORMALIZE\_PATH\_WIN** - This is the same as `NORMALIZE_PATH`, but
|
8315
|
-
# first converts backslash characters to forward slashes.
|
8316
|
-
#
|
8317
|
-
# **REMOVE\_NULLS** - Remove all `NULL` bytes from the input.
|
8318
|
-
#
|
8319
|
-
# **REPLACE\_COMMENTS** - Replace each occurrence of a C-style comment
|
8320
|
-
# (`/* ... */`) with a single space. Multiple consecutive occurrences
|
8321
|
-
# are not compressed. Unterminated comments are also replaced with a
|
8322
|
-
# space (ASCII 0x20). However, a standalone termination of a comment
|
8323
|
-
# (`*/`) is not acted upon.
|
8324
|
-
#
|
8325
|
-
# **REPLACE\_NULLS** - Replace NULL bytes in the input with space
|
8326
|
-
# characters (ASCII `0x20`).
|
8327
|
-
#
|
8328
|
-
# **SQL\_HEX\_DECODE** - Decode SQL hex data. Example (`0x414243`)
|
8329
|
-
# will be decoded to (`ABC`).
|
8315
|
+
# For detailed descriptions of each of the transformation types, see
|
8316
|
+
# [Text transformations][1] in the *WAF Developer Guide*.
|
8330
8317
|
#
|
8331
|
-
# **URL\_DECODE** - Decode a URL-encoded value.
|
8332
8318
|
#
|
8333
|
-
# **URL\_DECODE\_UNI** - Like `URL_DECODE`, but with support for
|
8334
|
-
# Microsoft-specific `%u` encoding. If the code is in the full-width
|
8335
|
-
# ASCII code range of `FF01-FF5E`, the higher byte is used to detect
|
8336
|
-
# and adjust the lower byte. Otherwise, only the lower byte is used
|
8337
|
-
# and the higher byte is zeroed.
|
8338
8319
|
#
|
8339
|
-
#
|
8340
|
-
# Unicode. This helps input normalization, and minimizing
|
8341
|
-
# false-positives and false-negatives for non-English languages.
|
8320
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html
|
8342
8321
|
# @return [String]
|
8343
8322
|
#
|
8344
8323
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TextTransformation AWS API Documentation
|
@@ -8450,27 +8429,24 @@ module Aws::WAFV2
|
|
8450
8429
|
#
|
8451
8430
|
# @!attribute [rw] addresses
|
8452
8431
|
# Contains an array of strings that specifies zero or more IP
|
8453
|
-
# addresses or blocks of IP addresses
|
8454
|
-
#
|
8455
|
-
#
|
8432
|
+
# addresses or blocks of IP addresses that you want WAF to inspect for
|
8433
|
+
# in incoming requests. All addresses must be specified using
|
8434
|
+
# Classless Inter-Domain Routing (CIDR) notation. WAF supports all
|
8435
|
+
# IPv4 and IPv6 CIDR ranges except for `/0`.
|
8456
8436
|
#
|
8457
8437
|
# Example address strings:
|
8458
8438
|
#
|
8459
|
-
# *
|
8460
|
-
#
|
8461
|
-
# `192.0.2.44/32`.
|
8439
|
+
# * For requests that originated from the IP address 192.0.2.44,
|
8440
|
+
# specify `192.0.2.44/32`.
|
8462
8441
|
#
|
8463
|
-
# *
|
8464
|
-
#
|
8465
|
-
# specify `192.0.2.0/24`.
|
8442
|
+
# * For requests that originated from IP addresses from 192.0.2.0 to
|
8443
|
+
# 192.0.2.255, specify `192.0.2.0/24`.
|
8466
8444
|
#
|
8467
|
-
# *
|
8468
|
-
# originated from the IP address
|
8445
|
+
# * For requests that originated from the IP address
|
8469
8446
|
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
8470
8447
|
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
8471
8448
|
#
|
8472
|
-
# *
|
8473
|
-
# originated from IP addresses
|
8449
|
+
# * For requests that originated from IP addresses
|
8474
8450
|
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
8475
8451
|
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
8476
8452
|
# `1111:0000:0000:0000:0000:0000:0000:0000/64`.
|
@@ -8741,9 +8717,9 @@ module Aws::WAFV2
|
|
8741
8717
|
#
|
8742
8718
|
# @!attribute [rw] rules
|
8743
8719
|
# The Rule statements used to identify the web requests that you want
|
8744
|
-
# to
|
8745
|
-
#
|
8746
|
-
#
|
8720
|
+
# to manage. Each rule includes one top-level statement that WAF uses
|
8721
|
+
# to identify matching web requests, and parameters that govern how
|
8722
|
+
# WAF handles them.
|
8747
8723
|
# @return [Array<Types::Rule>]
|
8748
8724
|
#
|
8749
8725
|
# @!attribute [rw] visibility_config
|
@@ -8850,9 +8826,9 @@ module Aws::WAFV2
|
|
8850
8826
|
#
|
8851
8827
|
# @!attribute [rw] rules
|
8852
8828
|
# The Rule statements used to identify the web requests that you want
|
8853
|
-
# to
|
8854
|
-
#
|
8855
|
-
#
|
8829
|
+
# to manage. Each rule includes one top-level statement that WAF uses
|
8830
|
+
# to identify matching web requests, and parameters that govern how
|
8831
|
+
# WAF handles them.
|
8856
8832
|
# @return [Array<Types::Rule>]
|
8857
8833
|
#
|
8858
8834
|
# @!attribute [rw] visibility_config
|
@@ -8927,7 +8903,7 @@ module Aws::WAFV2
|
|
8927
8903
|
#
|
8928
8904
|
# Use this to customize the maximum size of the request body that your
|
8929
8905
|
# protected CloudFront distributions forward to WAF for inspection.
|
8930
|
-
# The default is 16 KB (16,384
|
8906
|
+
# The default is 16 KB (16,384 bytes).
|
8931
8907
|
#
|
8932
8908
|
# <note markdown="1"> You are charged additional fees when your protected resources
|
8933
8909
|
# forward body sizes that are larger than the default. For more
|
@@ -9458,16 +9434,17 @@ module Aws::WAFV2
|
|
9458
9434
|
end
|
9459
9435
|
|
9460
9436
|
# A web ACL defines a collection of rules to use to inspect and control
|
9461
|
-
# web requests. Each rule has
|
9462
|
-
#
|
9463
|
-
# assign a default action to take
|
9464
|
-
# does not match any of the rules.
|
9465
|
-
# combination of the types Rule,
|
9466
|
-
# can associate a web ACL with
|
9467
|
-
#
|
9468
|
-
#
|
9469
|
-
#
|
9470
|
-
# Amazon Web Services
|
9437
|
+
# web requests. Each rule has a statement that defines what to look for
|
9438
|
+
# in web requests and an action that WAF applies to requests that match
|
9439
|
+
# the statement. In the web ACL, you assign a default action to take
|
9440
|
+
# (allow, block) for any request that does not match any of the rules.
|
9441
|
+
# The rules in a web ACL can be a combination of the types Rule,
|
9442
|
+
# RuleGroup, and managed rule group. You can associate a web ACL with
|
9443
|
+
# one or more Amazon Web Services resources to protect. The resources
|
9444
|
+
# can be an Amazon CloudFront distribution, an Amazon API Gateway REST
|
9445
|
+
# API, an Application Load Balancer, an AppSync GraphQL API, an Amazon
|
9446
|
+
# Cognito user pool, an App Runner service, or an Amazon Web Services
|
9447
|
+
# Verified Access instance.
|
9471
9448
|
#
|
9472
9449
|
# @!attribute [rw] name
|
9473
9450
|
# The name of the web ACL. You cannot change the name of a web ACL
|
@@ -9496,9 +9473,9 @@ module Aws::WAFV2
|
|
9496
9473
|
#
|
9497
9474
|
# @!attribute [rw] rules
|
9498
9475
|
# The Rule statements used to identify the web requests that you want
|
9499
|
-
# to
|
9500
|
-
#
|
9501
|
-
#
|
9476
|
+
# to manage. Each rule includes one top-level statement that WAF uses
|
9477
|
+
# to identify matching web requests, and parameters that govern how
|
9478
|
+
# WAF handles them.
|
9502
9479
|
# @return [Array<Types::Rule>]
|
9503
9480
|
#
|
9504
9481
|
# @!attribute [rw] visibility_config
|
@@ -9623,7 +9600,7 @@ module Aws::WAFV2
|
|
9623
9600
|
#
|
9624
9601
|
# Use this to customize the maximum size of the request body that your
|
9625
9602
|
# protected CloudFront distributions forward to WAF for inspection.
|
9626
|
-
# The default is 16 KB (16,384
|
9603
|
+
# The default is 16 KB (16,384 bytes).
|
9627
9604
|
#
|
9628
9605
|
# <note markdown="1"> You are charged additional fees when your protected resources
|
9629
9606
|
# forward body sizes that are larger than the default. For more
|
@@ -9726,7 +9703,7 @@ module Aws::WAFV2
|
|
9726
9703
|
# before using them as custom aggregation keys. If you specify one or
|
9727
9704
|
# more transformations to apply, WAF performs all transformations on
|
9728
9705
|
# the specified content, starting from the lowest priority setting,
|
9729
|
-
# and then uses the component contents.
|
9706
|
+
# and then uses the transformed component contents.
|
9730
9707
|
# @return [Array<Types::TextTransformation>]
|
9731
9708
|
#
|
9732
9709
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/XssMatchStatement AWS API Documentation
|