aws-sdk-wafv2 1.67.0 → 1.69.0

@@ -60,8 +60,13 @@ module Aws::WAFV2
60
60
  # is the page on your website that accepts the completed registration
61
61
  # form for a new user. This page must accept `POST` requests.
62
62
  #
63
- # For example, for the URL `https://example.com/web/signup`, you would
64
- # provide the path `/web/signup`.
63
+ # For example, for the URL `https://example.com/web/newaccount`, you
64
+ # would provide the path `/web/newaccount`. Account creation page
65
+ # paths that start with the path that you provide are considered a
66
+ # match. For example `/web/newaccount` matches the account creation
67
+ # paths `/web/newaccount`, `/web/newaccount/`, `/web/newaccountPage`,
68
+ # and `/web/newaccount/thisPage`, but doesn't match the path
69
+ # `/home/web/newaccount` or `/website/newaccount`.
65
70
  # @return [String]
66
71
  #
67
72
  # @!attribute [rw] registration_page_path
@@ -73,8 +78,13 @@ module Aws::WAFV2
73
78
  #
74
79
  # </note>
75
80
  #
76
- # For example, for the URL `https://example.com/web/register`, you
77
- # would provide the path `/web/register`.
81
+ # For example, for the URL `https://example.com/web/registration`, you
82
+ # would provide the path `/web/registration`. Registration page paths
83
+ # that start with the path that you provide are considered a match.
84
+ # For example `/web/registration` matches the registration paths
85
+ # `/web/registration`, `/web/registration/`, `/web/registrationPage`,
86
+ # and `/web/registration/thisPage`, but doesn't match the path
87
+ # `/home/web/registration` or `/website/registration`.
78
88
  # @return [String]
79
89
  #
80
90
  # @!attribute [rw] request_inspection
@@ -124,7 +134,11 @@ module Aws::WAFV2
124
134
  # @!attribute [rw] login_path
125
135
  # The path of the login endpoint for your application. For example,
126
136
  # for the URL `https://example.com/web/login`, you would provide the
127
- # path `/web/login`.
137
+ # path `/web/login`. Login paths that start with the path that you
138
+ # provide are considered a match. For example `/web/login` matches the
139
+ # login paths `/web/login`, `/web/login/`, `/web/loginPage`, and
140
+ # `/web/login/thisPage`, but doesn't match the login path
141
+ # `/home/web/login` or `/website/login`.
128
142
  #
129
143
  # The rule group inspects only HTTP `POST` requests to your specified
130
144
  # login endpoint.
@@ -183,10 +197,31 @@ module Aws::WAFV2
183
197
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html
184
198
  # @return [String]
185
199
  #
200
+ # @!attribute [rw] enable_machine_learning
201
+ # Applies only to the targeted inspection level.
202
+ #
203
+ # Determines whether to use machine learning (ML) to analyze your web
204
+ # traffic for bot-related activity. Machine learning is required for
205
+ # the Bot Control rules `TGT_ML_CoordinatedActivityLow` and
206
+ # `TGT_ML_CoordinatedActivityMedium`, which inspect for anomalous
207
+ # behavior that might indicate distributed, coordinated bot activity.
208
+ #
209
+ # For more information about this choice, see the listing for these
210
+ # rules in the table at [Bot Control rules listing][1] in the *WAF
211
+ # Developer Guide*.
212
+ #
213
+ # Default: `TRUE`
214
+ #
215
+ #
216
+ #
217
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html#aws-managed-rule-groups-bot-rules
218
+ # @return [Boolean]
219
+ #
186
220
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesBotControlRuleSet AWS API Documentation
187
221
  #
188
222
  class AWSManagedRulesBotControlRuleSet < Struct.new(
189
- :inspection_level)
223
+ :inspection_level,
224
+ :enable_machine_learning)
190
225
  SENSITIVE = []
191
226
  include Aws::Structure
192
227
  end
@@ -379,7 +414,7 @@ module Aws::WAFV2
379
414
  #
380
415
  # Use this to customize the maximum size of the request body that your
381
416
  # protected CloudFront distributions forward to WAF for inspection. The
382
- # default is 16 KB (16,384 kilobytes).
417
+ # default is 16 KB (16,384 bytes).
383
418
  #
384
419
  # <note markdown="1"> You are charged additional fees when your protected resources forward
385
420
  # body sizes that are larger than the default. For more information, see
@@ -394,7 +429,7 @@ module Aws::WAFV2
394
429
  # @!attribute [rw] request_body
395
430
  # Customizes the maximum size of the request body that your protected
396
431
  # CloudFront distributions forward to WAF for inspection. The default
397
- # size is 16 KB (16,384 kilobytes).
432
+ # size is 16 KB (16,384 bytes).
398
433
  #
399
434
  # <note markdown="1"> You are charged additional fees when your protected resources
400
435
  # forward body sizes that are larger than the default. For more
@@ -455,9 +490,9 @@ module Aws::WAFV2
455
490
  # forwards the contents that are below the limit to WAF for
456
491
  # inspection.
457
492
  #
458
- # The default limit is 8 KB (8,192 kilobytes) for regional resources
459
- # and 16 KB (16,384 kilobytes) for CloudFront distributions. For
460
- # CloudFront distributions, you can increase the limit in the web ACL
493
+ # The default limit is 8 KB (8,192 bytes) for regional resources and
494
+ # 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront
495
+ # distributions, you can increase the limit in the web ACL
461
496
  # `AssociationConfig`, for additional processing fees.
462
497
  #
463
498
  # The options for oversize handling are the following:
@@ -507,6 +542,10 @@ module Aws::WAFV2
507
542
  # * `UriPath`: The value that you want WAF to search for in the URI
508
543
  # path, for example, `/images/daily-ad.jpg`.
509
544
  #
545
+ # * `JA3Fingerprint`: The string to match against the web request's
546
+ # JA3 fingerprint header. The header contains a hash fingerprint of
547
+ # the TLS Client Hello packet for the request.
548
+ #
510
549
  # * `HeaderOrder`: The comma-separated list of header names to match
511
550
  # for. WAF creates a string that contains the ordered list of header
512
551
  # names, from the headers in the web request, and then matches
@@ -545,7 +584,7 @@ module Aws::WAFV2
545
584
  # before using them as custom aggregation keys. If you specify one or
546
585
  # more transformations to apply, WAF performs all transformations on
547
586
  # the specified content, starting from the lowest priority setting,
548
- # and then uses the component contents.
587
+ # and then uses the transformed component contents.
549
588
  # @return [Array<Types::TextTransformation>]
550
589
  #
551
590
  # @!attribute [rw] positional_constraint
@@ -1064,27 +1103,24 @@ module Aws::WAFV2
1064
1103
  #
1065
1104
  # @!attribute [rw] addresses
1066
1105
  # Contains an array of strings that specifies zero or more IP
1067
- # addresses or blocks of IP addresses. All addresses must be specified
1068
- # using Classless Inter-Domain Routing (CIDR) notation. WAF supports
1069
- # all IPv4 and IPv6 CIDR ranges except for `/0`.
1106
+ # addresses or blocks of IP addresses that you want WAF to inspect for
1107
+ # in incoming requests. All addresses must be specified using
1108
+ # Classless Inter-Domain Routing (CIDR) notation. WAF supports all
1109
+ # IPv4 and IPv6 CIDR ranges except for `/0`.
1070
1110
  #
1071
1111
  # Example address strings:
1072
1112
  #
1073
- # * To configure WAF to allow, block, or count requests that
1074
- # originated from the IP address 192.0.2.44, specify
1075
- # `192.0.2.44/32`.
1113
+ # * For requests that originated from the IP address 192.0.2.44,
1114
+ # specify `192.0.2.44/32`.
1076
1115
  #
1077
- # * To configure WAF to allow, block, or count requests that
1078
- # originated from IP addresses from 192.0.2.0 to 192.0.2.255,
1079
- # specify `192.0.2.0/24`.
1116
+ # * For requests that originated from IP addresses from 192.0.2.0 to
1117
+ # 192.0.2.255, specify `192.0.2.0/24`.
1080
1118
  #
1081
- # * To configure WAF to allow, block, or count requests that
1082
- # originated from the IP address
1119
+ # * For requests that originated from the IP address
1083
1120
  # 1111:0000:0000:0000:0000:0000:0000:0111, specify
1084
1121
  # `1111:0000:0000:0000:0000:0000:0000:0111/128`.
1085
1122
  #
1086
- # * To configure WAF to allow, block, or count requests that
1087
- # originated from IP addresses
1123
+ # * For requests that originated from IP addresses
1088
1124
  # 1111:0000:0000:0000:0000:0000:0000:0000 to
1089
1125
  # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1090
1126
  # `1111:0000:0000:0000:0000:0000:0000:0000/64`.
@@ -1251,9 +1287,9 @@ module Aws::WAFV2
1251
1287
  #
1252
1288
  # @!attribute [rw] rules
1253
1289
  # The Rule statements used to identify the web requests that you want
1254
- # to allow, block, or count. Each rule includes one top-level
1255
- # statement that WAF uses to identify matching web requests, and
1256
- # parameters that govern how WAF handles them.
1290
+ # to manage. Each rule includes one top-level statement that WAF uses
1291
+ # to identify matching web requests, and parameters that govern how
1292
+ # WAF handles them.
1257
1293
  # @return [Array<Types::Rule>]
1258
1294
  #
1259
1295
  # @!attribute [rw] visibility_config
@@ -1348,9 +1384,9 @@ module Aws::WAFV2
1348
1384
  #
1349
1385
  # @!attribute [rw] rules
1350
1386
  # The Rule statements used to identify the web requests that you want
1351
- # to allow, block, or count. Each rule includes one top-level
1352
- # statement that WAF uses to identify matching web requests, and
1353
- # parameters that govern how WAF handles them.
1387
+ # to manage. Each rule includes one top-level statement that WAF uses
1388
+ # to identify matching web requests, and parameters that govern how
1389
+ # WAF handles them.
1354
1390
  # @return [Array<Types::Rule>]
1355
1391
  #
1356
1392
  # @!attribute [rw] visibility_config
@@ -1417,7 +1453,7 @@ module Aws::WAFV2
1417
1453
  #
1418
1454
  # Use this to customize the maximum size of the request body that your
1419
1455
  # protected CloudFront distributions forward to WAF for inspection.
1420
- # The default is 16 KB (16,384 kilobytes).
1456
+ # The default is 16 KB (16,384 bytes).
1421
1457
  #
1422
1458
  # <note markdown="1"> You are charged additional fees when your protected resources
1423
1459
  # forward body sizes that are larger than the default. For more
@@ -1560,8 +1596,9 @@ module Aws::WAFV2
1560
1596
  # @return [String]
1561
1597
  #
1562
1598
  # @!attribute [rw] response_headers
1563
- # The HTTP headers to use in the response. Duplicate header names are
1564
- # not allowed.
1599
+ # The HTTP headers to use in the response. You can specify any header
1600
+ # name except for `content-type`. Duplicate header names are not
1601
+ # allowed.
1565
1602
  #
1566
1603
  # For information about the limits on count and size for custom
1567
1604
  # request and response settings, see [WAF quotas][1] in the *WAF
@@ -2293,10 +2330,10 @@ module Aws::WAFV2
2293
2330
  #
2294
2331
  # A limited amount of the request body is forwarded to WAF for
2295
2332
  # inspection by the underlying host service. For regional resources,
2296
- # the limit is 8 KB (8,192 kilobytes) and for CloudFront
2297
- # distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
2298
- # distributions, you can increase the limit in the web ACL's
2299
- # `AssociationConfig`, for additional processing fees.
2333
+ # the limit is 8 KB (8,192 bytes) and for CloudFront distributions,
2334
+ # the limit is 16 KB (16,384 bytes). For CloudFront distributions, you
2335
+ # can increase the limit in the web ACL's `AssociationConfig`, for
2336
+ # additional processing fees.
2300
2337
  #
2301
2338
  # For information about how to handle oversized request bodies, see
2302
2339
  # the `Body` object configuration.
@@ -2315,10 +2352,10 @@ module Aws::WAFV2
2315
2352
  #
2316
2353
  # A limited amount of the request body is forwarded to WAF for
2317
2354
  # inspection by the underlying host service. For regional resources,
2318
- # the limit is 8 KB (8,192 kilobytes) and for CloudFront
2319
- # distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
2320
- # distributions, you can increase the limit in the web ACL's
2321
- # `AssociationConfig`, for additional processing fees.
2355
+ # the limit is 8 KB (8,192 bytes) and for CloudFront distributions,
2356
+ # the limit is 16 KB (16,384 bytes). For CloudFront distributions, you
2357
+ # can increase the limit in the web ACL's `AssociationConfig`, for
2358
+ # additional processing fees.
2322
2359
  #
2323
2360
  # For information about how to handle oversized request bodies, see
2324
2361
  # the `JsonBody` object configuration.
@@ -2359,6 +2396,18 @@ module Aws::WAFV2
2359
2396
  # `host:user-agent:accept:authorization:referer`.
2360
2397
  # @return [Types::HeaderOrder]
2361
2398
  #
2399
+ # @!attribute [rw] ja3_fingerprint
2400
+ # Match against the request's JA3 fingerprint header. The header
2401
+ # contains a hash fingerprint of the TLS Client Hello packet for the
2402
+ # request.
2403
+ #
2404
+ # <note markdown="1"> You can use this choice only with a string match
2405
+ # `ByteMatchStatement` with the `PositionalConstraint` set to
2406
+ # `EXACTLY`.
2407
+ #
2408
+ # </note>
2409
+ # @return [Types::JA3Fingerprint]
2410
+ #
2362
2411
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FieldToMatch AWS API Documentation
2363
2412
  #
2364
2413
  class FieldToMatch < Struct.new(
@@ -2372,7 +2421,8 @@ module Aws::WAFV2
2372
2421
  :json_body,
2373
2422
  :headers,
2374
2423
  :cookies,
2375
- :header_order)
2424
+ :header_order,
2425
+ :ja3_fingerprint)
2376
2426
  SENSITIVE = []
2377
2427
  include Aws::Structure
2378
2428
  end
@@ -3552,27 +3602,24 @@ module Aws::WAFV2
3552
3602
  #
3553
3603
  # @!attribute [rw] addresses
3554
3604
  # Contains an array of strings that specifies zero or more IP
3555
- # addresses or blocks of IP addresses. All addresses must be specified
3556
- # using Classless Inter-Domain Routing (CIDR) notation. WAF supports
3557
- # all IPv4 and IPv6 CIDR ranges except for `/0`.
3605
+ # addresses or blocks of IP addresses that you want WAF to inspect for
3606
+ # in incoming requests. All addresses must be specified using
3607
+ # Classless Inter-Domain Routing (CIDR) notation. WAF supports all
3608
+ # IPv4 and IPv6 CIDR ranges except for `/0`.
3558
3609
  #
3559
3610
  # Example address strings:
3560
3611
  #
3561
- # * To configure WAF to allow, block, or count requests that
3562
- # originated from the IP address 192.0.2.44, specify
3563
- # `192.0.2.44/32`.
3612
+ # * For requests that originated from the IP address 192.0.2.44,
3613
+ # specify `192.0.2.44/32`.
3564
3614
  #
3565
- # * To configure WAF to allow, block, or count requests that
3566
- # originated from IP addresses from 192.0.2.0 to 192.0.2.255,
3567
- # specify `192.0.2.0/24`.
3615
+ # * For requests that originated from IP addresses from 192.0.2.0 to
3616
+ # 192.0.2.255, specify `192.0.2.0/24`.
3568
3617
  #
3569
- # * To configure WAF to allow, block, or count requests that
3570
- # originated from the IP address
3618
+ # * For requests that originated from the IP address
3571
3619
  # 1111:0000:0000:0000:0000:0000:0000:0111, specify
3572
3620
  # `1111:0000:0000:0000:0000:0000:0000:0111/128`.
3573
3621
  #
3574
- # * To configure WAF to allow, block, or count requests that
3575
- # originated from IP addresses
3622
+ # * For requests that originated from IP addresses
3576
3623
  # 1111:0000:0000:0000:0000:0000:0000:0000 to
3577
3624
  # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
3578
3625
  # `1111:0000:0000:0000:0000:0000:0000:0000/64`.
@@ -3785,6 +3832,36 @@ module Aws::WAFV2
3785
3832
  include Aws::Structure
3786
3833
  end
3787
3834
 
3835
+ # Match against the request's JA3 fingerprint header. The header
3836
+ # contains a hash fingerprint of the TLS Client Hello packet for the
3837
+ # request.
3838
+ #
3839
+ # <note markdown="1"> You can use this choice only with a string match `ByteMatchStatement`
3840
+ # with the `PositionalConstraint` set to `EXACTLY`.
3841
+ #
3842
+ # </note>
3843
+ #
3844
+ # @!attribute [rw] fallback_behavior
3845
+ # The match status to assign to the web request if the request
3846
+ # doesn't have a JA3 fingerprint.
3847
+ #
3848
+ # You can specify the following fallback behaviors:
3849
+ #
3850
+ # * `MATCH` - Treat the web request as matching the rule statement.
3851
+ # WAF applies the rule action to the request.
3852
+ #
3853
+ # * `NO_MATCH` - Treat the web request as not matching the rule
3854
+ # statement.
3855
+ # @return [String]
3856
+ #
3857
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/JA3Fingerprint AWS API Documentation
3858
+ #
3859
+ class JA3Fingerprint < Struct.new(
3860
+ :fallback_behavior)
3861
+ SENSITIVE = []
3862
+ include Aws::Structure
3863
+ end
3864
+
3788
3865
  # Inspect the body of the web request as JSON. The body immediately
3789
3866
  # follows the request headers.
3790
3867
  #
@@ -3849,9 +3926,9 @@ module Aws::WAFV2
3849
3926
  # forwards the contents that are below the limit to WAF for
3850
3927
  # inspection.
3851
3928
  #
3852
- # The default limit is 8 KB (8,192 kilobytes) for regional resources
3853
- # and 16 KB (16,384 kilobytes) for CloudFront distributions. For
3854
- # CloudFront distributions, you can increase the limit in the web ACL
3929
+ # The default limit is 8 KB (8,192 bytes) for regional resources and
3930
+ # 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront
3931
+ # distributions, you can increase the limit in the web ACL
3855
3932
  # `AssociationConfig`, for additional processing fees.
3856
3933
  #
3857
3934
  # The options for oversize handling are the following:
@@ -5086,8 +5163,10 @@ module Aws::WAFV2
5086
5163
  # calling ListAvailableManagedRuleGroups.
5087
5164
  #
5088
5165
  # You cannot nest a `ManagedRuleGroupStatement`, for example for use
5089
- # inside a `NotStatement` or `OrStatement`. It can only be referenced as
5090
- # a top-level statement within a rule.
5166
+ # inside a `NotStatement` or `OrStatement`. You cannot use a managed
5167
+ # rule group inside another rule group. You can only reference a managed
5168
+ # rule group as a top-level statement within a rule that you define in a
5169
+ # web ACL.
5091
5170
  #
5092
5171
  # <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
5093
5172
  # managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
@@ -6232,7 +6311,7 @@ module Aws::WAFV2
6232
6311
  # before using them as custom aggregation keys. If you specify one or
6233
6312
  # more transformations to apply, WAF performs all transformations on
6234
6313
  # the specified content, starting from the lowest priority setting,
6235
- # and then uses the component contents.
6314
+ # and then uses the transformed component contents.
6236
6315
  # @return [Array<Types::TextTransformation>]
6237
6316
  #
6238
6317
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitCookie AWS API Documentation
@@ -6302,7 +6381,7 @@ module Aws::WAFV2
6302
6381
  # before using them as custom aggregation keys. If you specify one or
6303
6382
  # more transformations to apply, WAF performs all transformations on
6304
6383
  # the specified content, starting from the lowest priority setting,
6305
- # and then uses the component contents.
6384
+ # and then uses the transformed component contents.
6306
6385
  # @return [Array<Types::TextTransformation>]
6307
6386
  #
6308
6387
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitHeader AWS API Documentation
@@ -6379,7 +6458,7 @@ module Aws::WAFV2
6379
6458
  # before using them as custom aggregation keys. If you specify one or
6380
6459
  # more transformations to apply, WAF performs all transformations on
6381
6460
  # the specified content, starting from the lowest priority setting,
6382
- # and then uses the component contents.
6461
+ # and then uses the transformed component contents.
6383
6462
  # @return [Array<Types::TextTransformation>]
6384
6463
  #
6385
6464
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitQueryArgument AWS API Documentation
@@ -6405,7 +6484,7 @@ module Aws::WAFV2
6405
6484
  # before using them as custom aggregation keys. If you specify one or
6406
6485
  # more transformations to apply, WAF performs all transformations on
6407
6486
  # the specified content, starting from the lowest priority setting,
6408
- # and then uses the component contents.
6487
+ # and then uses the transformed component contents.
6409
6488
  # @return [Array<Types::TextTransformation>]
6410
6489
  #
6411
6490
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitQueryString AWS API Documentation
@@ -6430,7 +6509,7 @@ module Aws::WAFV2
6430
6509
  # before using them as custom aggregation keys. If you specify one or
6431
6510
  # more transformations to apply, WAF performs all transformations on
6432
6511
  # the specified content, starting from the lowest priority setting,
6433
- # and then uses the component contents.
6512
+ # and then uses the transformed component contents.
6434
6513
  # @return [Array<Types::TextTransformation>]
6435
6514
  #
6436
6515
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitUriPath AWS API Documentation
@@ -6475,7 +6554,7 @@ module Aws::WAFV2
6475
6554
  # before using them as custom aggregation keys. If you specify one or
6476
6555
  # more transformations to apply, WAF performs all transformations on
6477
6556
  # the specified content, starting from the lowest priority setting,
6478
- # and then uses the component contents.
6557
+ # and then uses the transformed component contents.
6479
6558
  # @return [Array<Types::TextTransformation>]
6480
6559
  #
6481
6560
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
@@ -6559,7 +6638,7 @@ module Aws::WAFV2
6559
6638
  # before using them as custom aggregation keys. If you specify one or
6560
6639
  # more transformations to apply, WAF performs all transformations on
6561
6640
  # the specified content, starting from the lowest priority setting,
6562
- # and then uses the component contents.
6641
+ # and then uses the transformed component contents.
6563
6642
  # @return [Array<Types::TextTransformation>]
6564
6643
  #
6565
6644
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexPatternSetReferenceStatement AWS API Documentation
@@ -6642,7 +6721,7 @@ module Aws::WAFV2
6642
6721
 
6643
6722
  # Customizes the maximum size of the request body that your protected
6644
6723
  # CloudFront distributions forward to WAF for inspection. The default
6645
- # size is 16 KB (16,384 kilobytes).
6724
+ # size is 16 KB (16,384 bytes).
6646
6725
  #
6647
6726
  # <note markdown="1"> You are charged additional fees when your protected resources forward
6648
6727
  # body sizes that are larger than the default. For more information, see
@@ -6662,7 +6741,7 @@ module Aws::WAFV2
6662
6741
  # inspection. This applies to statements in the web ACL that inspect
6663
6742
  # the body or JSON body.
6664
6743
  #
6665
- # Default: `16 KB (16,384 kilobytes)`
6744
+ # Default: `16 KB (16,384 bytes)`
6666
6745
  # @return [String]
6667
6746
  #
6668
6747
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
@@ -7150,13 +7229,17 @@ module Aws::WAFV2
7150
7229
  end
7151
7230
 
7152
7231
  # A single rule, which you can use in a WebACL or RuleGroup to identify
7153
- # web requests that you want to allow, block, or count. Each rule
7154
- # includes one top-level Statement that WAF uses to identify matching
7155
- # web requests, and parameters that govern how WAF handles them.
7232
+ # web requests that you want to manage in some way. Each rule includes
7233
+ # one top-level Statement that WAF uses to identify matching web
7234
+ # requests, and parameters that govern how WAF handles them.
7156
7235
  #
7157
7236
  # @!attribute [rw] name
7158
- # The name of the rule. You can't change the name of a `Rule` after
7159
- # you create it.
7237
+ # The name of the rule.
7238
+ #
7239
+ # If you change the name of a `Rule` after you create it and you want
7240
+ # the rule's metric name to reflect the change, update the metric
7241
+ # name in the rule's `VisibilityConfig` settings. WAF doesn't
7242
+ # automatically update the metric name when you update the rule name.
7160
7243
  # @return [String]
7161
7244
  #
7162
7245
  # @!attribute [rw] priority
@@ -7239,6 +7322,10 @@ module Aws::WAFV2
7239
7322
  # @!attribute [rw] visibility_config
7240
7323
  # Defines and enables Amazon CloudWatch metrics and web request sample
7241
7324
  # collection.
7325
+ #
7326
+ # If you change the name of a `Rule` after you create it and you want
7327
+ # the rule's metric name to reflect the change, update the metric
7328
+ # name as well. WAF doesn't automatically update the metric name.
7242
7329
  # @return [Types::VisibilityConfig]
7243
7330
  #
7244
7331
  # @!attribute [rw] captcha_config
@@ -7384,9 +7471,9 @@ module Aws::WAFV2
7384
7471
  #
7385
7472
  # @!attribute [rw] rules
7386
7473
  # The Rule statements used to identify the web requests that you want
7387
- # to allow, block, or count. Each rule includes one top-level
7388
- # statement that WAF uses to identify matching web requests, and
7389
- # parameters that govern how WAF handles them.
7474
+ # to manage. Each rule includes one top-level statement that WAF uses
7475
+ # to identify matching web requests, and parameters that govern how
7476
+ # WAF handles them.
7390
7477
  # @return [Array<Types::Rule>]
7391
7478
  #
7392
7479
  # @!attribute [rw] visibility_config
@@ -7467,8 +7554,10 @@ module Aws::WAFV2
7467
7554
  # provide the ARN of the rule group in this statement.
7468
7555
  #
7469
7556
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
7470
- # inside a `NotStatement` or `OrStatement`. You can only use a rule
7471
- # group reference statement at the top level inside a web ACL.
7557
+ # inside a `NotStatement` or `OrStatement`. You cannot use a rule group
7558
+ # reference statement inside another rule group. You can only reference
7559
+ # a rule group as a top-level statement within a rule that you define in
7560
+ # a web ACL.
7472
7561
  #
7473
7562
  # @!attribute [rw] arn
7474
7563
  # The Amazon Resource Name (ARN) of the entity.
@@ -7716,9 +7805,9 @@ module Aws::WAFV2
7716
7805
  #
7717
7806
  # If you configure WAF to inspect the request body, WAF inspects only
7718
7807
  # the number of bytes of the body up to the limit for the web ACL. By
7719
- # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
7720
- # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
7721
- # For CloudFront web ACLs, you can increase the limit in the web ACL
7808
+ # default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and
7809
+ # for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For
7810
+ # CloudFront web ACLs, you can increase the limit in the web ACL
7722
7811
  # `AssociationConfig`, for additional fees. If you know that the request
7723
7812
  # body for your web requests should never exceed the inspection limit,
7724
7813
  # you could use a size constraint statement to block requests that have
@@ -7750,7 +7839,7 @@ module Aws::WAFV2
7750
7839
  # before using them as custom aggregation keys. If you specify one or
7751
7840
  # more transformations to apply, WAF performs all transformations on
7752
7841
  # the specified content, starting from the lowest priority setting,
7753
- # and then uses the component contents.
7842
+ # and then uses the transformed component contents.
7754
7843
  # @return [Array<Types::TextTransformation>]
7755
7844
  #
7756
7845
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SizeConstraintStatement AWS API Documentation
@@ -7781,7 +7870,7 @@ module Aws::WAFV2
7781
7870
  # before using them as custom aggregation keys. If you specify one or
7782
7871
  # more transformations to apply, WAF performs all transformations on
7783
7872
  # the specified content, starting from the lowest priority setting,
7784
- # and then uses the component contents.
7873
+ # and then uses the transformed component contents.
7785
7874
  # @return [Array<Types::TextTransformation>]
7786
7875
  #
7787
7876
  # @!attribute [rw] sensitivity_level
@@ -7851,9 +7940,9 @@ module Aws::WAFV2
7851
7940
  #
7852
7941
  # If you configure WAF to inspect the request body, WAF inspects only
7853
7942
  # the number of bytes of the body up to the limit for the web ACL. By
7854
- # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
7855
- # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
7856
- # For CloudFront web ACLs, you can increase the limit in the web ACL
7943
+ # default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and
7944
+ # for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For
7945
+ # CloudFront web ACLs, you can increase the limit in the web ACL
7857
7946
  # `AssociationConfig`, for additional fees. If you know that the
7858
7947
  # request body for your web requests should never exceed the
7859
7948
  # inspection limit, you could use a size constraint statement to block
@@ -7908,8 +7997,10 @@ module Aws::WAFV2
7908
7997
  # provide the ARN of the rule group in this statement.
7909
7998
  #
7910
7999
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
7911
- # inside a `NotStatement` or `OrStatement`. You can only use a rule
7912
- # group reference statement at the top level inside a web ACL.
8000
+ # inside a `NotStatement` or `OrStatement`. You cannot use a rule
8001
+ # group reference statement inside another rule group. You can only
8002
+ # reference a rule group as a top-level statement within a rule that
8003
+ # you define in a web ACL.
7913
8004
  # @return [Types::RuleGroupReferenceStatement]
7914
8005
  #
7915
8006
  # @!attribute [rw] ip_set_reference_statement
@@ -8062,8 +8153,10 @@ module Aws::WAFV2
8062
8153
  # calling ListAvailableManagedRuleGroups.
8063
8154
  #
8064
8155
  # You cannot nest a `ManagedRuleGroupStatement`, for example for use
8065
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
8066
- # as a top-level statement within a rule.
8156
+ # inside a `NotStatement` or `OrStatement`. You cannot use a managed
8157
+ # rule group inside another rule group. You can only reference a
8158
+ # managed rule group as a top-level statement within a rule that you
8159
+ # define in a web ACL.
8067
8160
  #
8068
8161
  # <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
8069
8162
  # managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
@@ -8219,126 +8312,12 @@ module Aws::WAFV2
8219
8312
  # @return [Integer]
8220
8313
  #
8221
8314
  # @!attribute [rw] type
8222
- # You can specify the following transformation types:
8223
- #
8224
- # **BASE64\_DECODE** - Decode a `Base64`-encoded string.
8225
- #
8226
- # **BASE64\_DECODE\_EXT** - Decode a `Base64`-encoded string, but use
8227
- # a forgiving implementation that ignores characters that aren't
8228
- # valid.
8229
- #
8230
- # **CMD\_LINE** - Command-line transformations. These are helpful in
8231
- # reducing effectiveness of attackers who inject an operating system
8232
- # command-line command and use unusual formatting to disguise some or
8233
- # all of the command.
8234
- #
8235
- # * Delete the following characters: `\ " ' ^`
8236
- #
8237
- # * Delete spaces before the following characters: `/ (`
8238
- #
8239
- # * Replace the following characters with a space: `, ;`
8240
- #
8241
- # * Replace multiple spaces with one space
8242
- #
8243
- # * Convert uppercase letters (A-Z) to lowercase (a-z)
8244
- #
8245
- # **COMPRESS\_WHITE\_SPACE** - Replace these characters with a space
8246
- # character (decimal 32):
8247
- #
8248
- # * `\f`, formfeed, decimal 12
8249
- #
8250
- # * `\t`, tab, decimal 9
8251
- #
8252
- # * `\n`, newline, decimal 10
8253
- #
8254
- # * `\r`, carriage return, decimal 13
8255
- #
8256
- # * `\v`, vertical tab, decimal 11
8257
- #
8258
- # * Non-breaking space, decimal 160
8259
- #
8260
- # `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
8261
- #
8262
- # **CSS\_DECODE** - Decode characters that were encoded using CSS 2.x
8263
- # escape rules `syndata.html#characters`. This function uses up to two
8264
- # bytes in the decoding process, so it can help to uncover ASCII
8265
- # characters that were encoded using CSS encoding that wouldn’t
8266
- # typically be encoded. It's also useful in countering evasion, which
8267
- # is a combination of a backslash and non-hexadecimal characters. For
8268
- # example, `ja\vascript` for javascript.
8269
- #
8270
- # **ESCAPE\_SEQ\_DECODE** - Decode the following ANSI C escape
8271
- # sequences: `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`,
8272
- # `'`, `"`, `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that
8273
- # aren't valid remain in the output.
8274
- #
8275
- # **HEX\_DECODE** - Decode a string of hexadecimal characters into a
8276
- # binary.
8277
- #
8278
- # **HTML\_ENTITY\_DECODE** - Replace HTML-encoded characters with
8279
- # unencoded characters. `HTML_ENTITY_DECODE` performs these
8280
- # operations:
8281
- #
8282
- # * Replaces `(ampersand)quot;` with `"`
8283
- #
8284
- # * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
8285
- #
8286
- # * Replaces `(ampersand)lt;` with a "less than" symbol
8287
- #
8288
- # * Replaces `(ampersand)gt;` with `>`
8289
- #
8290
- # * Replaces characters that are represented in hexadecimal format,
8291
- # `(ampersand)#xhhhh;`, with the corresponding characters
8292
- #
8293
- # * Replaces characters that are represented in decimal format,
8294
- # `(ampersand)#nnnn;`, with the corresponding characters
8295
- #
8296
- # **JS\_DECODE** - Decode JavaScript escape sequences. If a `` `u`
8297
- # `HHHH` code is in the full-width ASCII code range of `FF01-FF5E`,
8298
- # then the higher byte is used to detect and adjust the lower byte. If
8299
- # not, only the lower byte is used and the higher byte is zeroed,
8300
- # causing a possible loss of information.
8301
- #
8302
- # **LOWERCASE** - Convert uppercase letters (A-Z) to lowercase (a-z).
8303
- #
8304
- # **MD5** - Calculate an MD5 hash from the data in the input. The
8305
- # computed hash is in a raw binary form.
8306
- #
8307
- # **NONE** - Specify `NONE` if you don't want any text
8308
- # transformations.
8309
- #
8310
- # **NORMALIZE\_PATH** - Remove multiple slashes, directory
8311
- # self-references, and directory back-references that are not at the
8312
- # beginning of the input from an input string.
8313
- #
8314
- # **NORMALIZE\_PATH\_WIN** - This is the same as `NORMALIZE_PATH`, but
8315
- # first converts backslash characters to forward slashes.
8316
- #
8317
- # **REMOVE\_NULLS** - Remove all `NULL` bytes from the input.
8318
- #
8319
- # **REPLACE\_COMMENTS** - Replace each occurrence of a C-style comment
8320
- # (`/* ... */`) with a single space. Multiple consecutive occurrences
8321
- # are not compressed. Unterminated comments are also replaced with a
8322
- # space (ASCII 0x20). However, a standalone termination of a comment
8323
- # (`*/`) is not acted upon.
8324
- #
8325
- # **REPLACE\_NULLS** - Replace NULL bytes in the input with space
8326
- # characters (ASCII `0x20`).
8327
- #
8328
- # **SQL\_HEX\_DECODE** - Decode SQL hex data. Example (`0x414243`)
8329
- # will be decoded to (`ABC`).
8315
+ # For detailed descriptions of each of the transformation types, see
8316
+ # [Text transformations][1] in the *WAF Developer Guide*.
8330
8317
  #
8331
- # **URL\_DECODE** - Decode a URL-encoded value.
8332
8318
  #
8333
- # **URL\_DECODE\_UNI** - Like `URL_DECODE`, but with support for
8334
- # Microsoft-specific `%u` encoding. If the code is in the full-width
8335
- # ASCII code range of `FF01-FF5E`, the higher byte is used to detect
8336
- # and adjust the lower byte. Otherwise, only the lower byte is used
8337
- # and the higher byte is zeroed.
8338
8319
  #
8339
- # **UTF8\_TO\_UNICODE** - Convert all UTF-8 character sequences to
8340
- # Unicode. This helps input normalization, and minimizing
8341
- # false-positives and false-negatives for non-English languages.
8320
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html
8342
8321
  # @return [String]
8343
8322
  #
8344
8323
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TextTransformation AWS API Documentation
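Review bot: The new `type` description no longer names a single accepted value, so a reader of the SDK reference alone cannot tell which transformations exist or what each one normalises before a rule inspects the request. The choice of transformation determines whether encoded or obfuscated input is decoded before matching, so a short value summary is worth keeping next to the link, for example `# Values include NONE, LOWERCASE, URL_DECODE, HTML_ENTITY_DECODE, ...; see the guide for the full list.` The new side also leaves three consecutive empty `#` lines between the paragraph and the `[1]:` link definition; one is enough. If this text is generated from the service API model, which is likely but not visible here, the wording would need to be fixed upstream rather than in this file.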
@@ -8450,27 +8429,24 @@ module Aws::WAFV2
8450
8429
  #
8451
8430
  # @!attribute [rw] addresses
8452
8431
  # Contains an array of strings that specifies zero or more IP
8453
- # addresses or blocks of IP addresses. All addresses must be specified
8454
- # using Classless Inter-Domain Routing (CIDR) notation. WAF supports
8455
- # all IPv4 and IPv6 CIDR ranges except for `/0`.
8432
+ # addresses or blocks of IP addresses that you want WAF to inspect for
8433
+ # in incoming requests. All addresses must be specified using
8434
+ # Classless Inter-Domain Routing (CIDR) notation. WAF supports all
8435
+ # IPv4 and IPv6 CIDR ranges except for `/0`.
8456
8436
  #
8457
8437
  # Example address strings:
8458
8438
  #
8459
- # * To configure WAF to allow, block, or count requests that
8460
- # originated from the IP address 192.0.2.44, specify
8461
- # `192.0.2.44/32`.
8439
+ # * For requests that originated from the IP address 192.0.2.44,
8440
+ # specify `192.0.2.44/32`.
8462
8441
  #
8463
- # * To configure WAF to allow, block, or count requests that
8464
- # originated from IP addresses from 192.0.2.0 to 192.0.2.255,
8465
- # specify `192.0.2.0/24`.
8442
+ # * For requests that originated from IP addresses from 192.0.2.0 to
8443
+ # 192.0.2.255, specify `192.0.2.0/24`.
8466
8444
  #
8467
- # * To configure WAF to allow, block, or count requests that
8468
- # originated from the IP address
8445
+ # * For requests that originated from the IP address
8469
8446
  # 1111:0000:0000:0000:0000:0000:0000:0111, specify
8470
8447
  # `1111:0000:0000:0000:0000:0000:0000:0111/128`.
8471
8448
  #
8472
- # * To configure WAF to allow, block, or count requests that
8473
- # originated from IP addresses
8449
+ # * For requests that originated from IP addresses
8474
8450
  # 1111:0000:0000:0000:0000:0000:0000:0000 to
8475
8451
  # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
8476
8452
  # `1111:0000:0000:0000:0000:0000:0000:0000/64`.
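Review bot: The reworded opening sentence of `addresses` now reads "that you want WAF to inspect for in incoming requests", and the doubled preposition makes it hard to parse. I would phrase the added lines as `# addresses or blocks of IP addresses that you want WAF to look for in` followed by `# incoming requests. All addresses must be specified using`. The shortened example bullets read fine. The comment block starts and continues outside this hunk.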
@@ -8741,9 +8717,9 @@ module Aws::WAFV2
8741
8717
  #
8742
8718
  # @!attribute [rw] rules
8743
8719
  # The Rule statements used to identify the web requests that you want
8744
- # to allow, block, or count. Each rule includes one top-level
8745
- # statement that WAF uses to identify matching web requests, and
8746
- # parameters that govern how WAF handles them.
8720
+ # to manage. Each rule includes one top-level statement that WAF uses
8721
+ # to identify matching web requests, and parameters that govern how
8722
+ # WAF handles them.
8747
8723
  # @return [Array<Types::Rule>]
8748
8724
  #
8749
8725
  # @!attribute [rw] visibility_config
@@ -8850,9 +8826,9 @@ module Aws::WAFV2
8850
8826
  #
8851
8827
  # @!attribute [rw] rules
8852
8828
  # The Rule statements used to identify the web requests that you want
8853
- # to allow, block, or count. Each rule includes one top-level
8854
- # statement that WAF uses to identify matching web requests, and
8855
- # parameters that govern how WAF handles them.
8829
+ # to manage. Each rule includes one top-level statement that WAF uses
8830
+ # to identify matching web requests, and parameters that govern how
8831
+ # WAF handles them.
8856
8832
  # @return [Array<Types::Rule>]
8857
8833
  #
8858
8834
  # @!attribute [rw] visibility_config
@@ -8927,7 +8903,7 @@ module Aws::WAFV2
8927
8903
  #
8928
8904
  # Use this to customize the maximum size of the request body that your
8929
8905
  # protected CloudFront distributions forward to WAF for inspection.
8930
- # The default is 16 KB (16,384 kilobytes).
8906
+ # The default is 16 KB (16,384 bytes).
8931
8907
  #
8932
8908
  # <note markdown="1"> You are charged additional fees when your protected resources
8933
8909
  # forward body sizes that are larger than the default. For more
@@ -9458,16 +9434,17 @@ module Aws::WAFV2
9458
9434
  end
9459
9435
 
9460
9436
  # A web ACL defines a collection of rules to use to inspect and control
9461
- # web requests. Each rule has an action defined (allow, block, or count)
9462
- # for requests that match the statement of the rule. In the web ACL, you
9463
- # assign a default action to take (allow, block) for any request that
9464
- # does not match any of the rules. The rules in a web ACL can be a
9465
- # combination of the types Rule, RuleGroup, and managed rule group. You
9466
- # can associate a web ACL with one or more Amazon Web Services resources
9467
- # to protect. The resources can be an Amazon CloudFront distribution, an
9468
- # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
9469
- # GraphQL API, an Amazon Cognito user pool, an App Runner service, or an
9470
- # Amazon Web Services Verified Access instance.
9437
+ # web requests. Each rule has a statement that defines what to look for
9438
+ # in web requests and an action that WAF applies to requests that match
9439
+ # the statement. In the web ACL, you assign a default action to take
9440
+ # (allow, block) for any request that does not match any of the rules.
9441
+ # The rules in a web ACL can be a combination of the types Rule,
9442
+ # RuleGroup, and managed rule group. You can associate a web ACL with
9443
+ # one or more Amazon Web Services resources to protect. The resources
9444
+ # can be an Amazon CloudFront distribution, an Amazon API Gateway REST
9445
+ # API, an Application Load Balancer, an AppSync GraphQL API, an Amazon
9446
+ # Cognito user pool, an App Runner service, or an Amazon Web Services
9447
+ # Verified Access instance.
9471
9448
  #
9472
9449
  # @!attribute [rw] name
9473
9450
  # The name of the web ACL. You cannot change the name of a web ACL
@@ -9496,9 +9473,9 @@ module Aws::WAFV2
9496
9473
  #
9497
9474
  # @!attribute [rw] rules
9498
9475
  # The Rule statements used to identify the web requests that you want
9499
- # to allow, block, or count. Each rule includes one top-level
9500
- # statement that WAF uses to identify matching web requests, and
9501
- # parameters that govern how WAF handles them.
9476
+ # to manage. Each rule includes one top-level statement that WAF uses
9477
+ # to identify matching web requests, and parameters that govern how
9478
+ # WAF handles them.
9502
9479
  # @return [Array<Types::Rule>]
9503
9480
  #
9504
9481
  # @!attribute [rw] visibility_config
@@ -9623,7 +9600,7 @@ module Aws::WAFV2
9623
9600
  #
9624
9601
  # Use this to customize the maximum size of the request body that your
9625
9602
  # protected CloudFront distributions forward to WAF for inspection.
9626
- # The default is 16 KB (16,384 kilobytes).
9603
+ # The default is 16 KB (16,384 bytes).
9627
9604
  #
9628
9605
  # <note markdown="1"> You are charged additional fees when your protected resources
9629
9606
  # forward body sizes that are larger than the default. For more
@@ -9726,7 +9703,7 @@ module Aws::WAFV2
9726
9703
  # before using them as custom aggregation keys. If you specify one or
9727
9704
  # more transformations to apply, WAF performs all transformations on
9728
9705
  # the specified content, starting from the lowest priority setting,
9729
- # and then uses the component contents.
9706
+ # and then uses the transformed component contents.
9730
9707
  # @return [Array<Types::TextTransformation>]
9731
9708
  #
9732
9709
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/XssMatchStatement AWS API Documentation