aws-sdk-wafv2 1.7.0 → 1.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-wafv2.rb +3 -2
- data/lib/aws-sdk-wafv2/client.rb +145 -22
- data/lib/aws-sdk-wafv2/client_api.rb +19 -0
- data/lib/aws-sdk-wafv2/types.rb +485 -47
- metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -185,6 +185,10 @@ module Aws::WAFV2
|
|
185
185
|
# },
|
186
186
|
# geo_match_statement: {
|
187
187
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
188
|
+
# forwarded_ip_config: {
|
189
|
+
# header_name: "ForwardedIPHeaderName", # required
|
190
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
191
|
+
# },
|
188
192
|
# },
|
189
193
|
# rule_group_reference_statement: {
|
190
194
|
# arn: "ResourceArn", # required
|
@@ -196,6 +200,11 @@ module Aws::WAFV2
|
|
196
200
|
# },
|
197
201
|
# ip_set_reference_statement: {
|
198
202
|
# arn: "ResourceArn", # required
|
203
|
+
# ip_set_forwarded_ip_config: {
|
204
|
+
# header_name: "ForwardedIPHeaderName", # required
|
205
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
206
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
207
|
+
# },
|
199
208
|
# },
|
200
209
|
# regex_pattern_set_reference_statement: {
|
201
210
|
# arn: "ResourceArn", # required
|
@@ -226,10 +235,14 @@ module Aws::WAFV2
|
|
226
235
|
# },
|
227
236
|
# rate_based_statement: {
|
228
237
|
# limit: 1, # required
|
229
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
238
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
230
239
|
# scope_down_statement: {
|
231
240
|
# # recursive Statement
|
232
241
|
# },
|
242
|
+
# forwarded_ip_config: {
|
243
|
+
# header_name: "ForwardedIPHeaderName", # required
|
244
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
245
|
+
# },
|
233
246
|
# },
|
234
247
|
# and_statement: {
|
235
248
|
# statements: { # required
|
@@ -629,6 +642,10 @@ module Aws::WAFV2
|
|
629
642
|
# },
|
630
643
|
# geo_match_statement: {
|
631
644
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
645
|
+
# forwarded_ip_config: {
|
646
|
+
# header_name: "ForwardedIPHeaderName", # required
|
647
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
648
|
+
# },
|
632
649
|
# },
|
633
650
|
# rule_group_reference_statement: {
|
634
651
|
# arn: "ResourceArn", # required
|
@@ -640,6 +657,11 @@ module Aws::WAFV2
|
|
640
657
|
# },
|
641
658
|
# ip_set_reference_statement: {
|
642
659
|
# arn: "ResourceArn", # required
|
660
|
+
# ip_set_forwarded_ip_config: {
|
661
|
+
# header_name: "ForwardedIPHeaderName", # required
|
662
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
663
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
664
|
+
# },
|
643
665
|
# },
|
644
666
|
# regex_pattern_set_reference_statement: {
|
645
667
|
# arn: "ResourceArn", # required
|
@@ -670,10 +692,14 @@ module Aws::WAFV2
|
|
670
692
|
# },
|
671
693
|
# rate_based_statement: {
|
672
694
|
# limit: 1, # required
|
673
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
695
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
674
696
|
# scope_down_statement: {
|
675
697
|
# # recursive Statement
|
676
698
|
# },
|
699
|
+
# forwarded_ip_config: {
|
700
|
+
# header_name: "ForwardedIPHeaderName", # required
|
701
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
702
|
+
# },
|
677
703
|
# },
|
678
704
|
# and_statement: {
|
679
705
|
# statements: [ # required
|
@@ -1104,6 +1130,10 @@ module Aws::WAFV2
|
|
1104
1130
|
# },
|
1105
1131
|
# geo_match_statement: {
|
1106
1132
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
1133
|
+
# forwarded_ip_config: {
|
1134
|
+
# header_name: "ForwardedIPHeaderName", # required
|
1135
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
1136
|
+
# },
|
1107
1137
|
# },
|
1108
1138
|
# rule_group_reference_statement: {
|
1109
1139
|
# arn: "ResourceArn", # required
|
@@ -1115,6 +1145,11 @@ module Aws::WAFV2
|
|
1115
1145
|
# },
|
1116
1146
|
# ip_set_reference_statement: {
|
1117
1147
|
# arn: "ResourceArn", # required
|
1148
|
+
# ip_set_forwarded_ip_config: {
|
1149
|
+
# header_name: "ForwardedIPHeaderName", # required
|
1150
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
1151
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
1152
|
+
# },
|
1118
1153
|
# },
|
1119
1154
|
# regex_pattern_set_reference_statement: {
|
1120
1155
|
# arn: "ResourceArn", # required
|
@@ -1145,10 +1180,14 @@ module Aws::WAFV2
|
|
1145
1180
|
# },
|
1146
1181
|
# rate_based_statement: {
|
1147
1182
|
# limit: 1, # required
|
1148
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
1183
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
1149
1184
|
# scope_down_statement: {
|
1150
1185
|
# # recursive Statement
|
1151
1186
|
# },
|
1187
|
+
# forwarded_ip_config: {
|
1188
|
+
# header_name: "ForwardedIPHeaderName", # required
|
1189
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
1190
|
+
# },
|
1152
1191
|
# },
|
1153
1192
|
# and_statement: {
|
1154
1193
|
# statements: [ # required
|
@@ -1429,6 +1468,10 @@ module Aws::WAFV2
|
|
1429
1468
|
# },
|
1430
1469
|
# geo_match_statement: {
|
1431
1470
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
1471
|
+
# forwarded_ip_config: {
|
1472
|
+
# header_name: "ForwardedIPHeaderName", # required
|
1473
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
1474
|
+
# },
|
1432
1475
|
# },
|
1433
1476
|
# rule_group_reference_statement: {
|
1434
1477
|
# arn: "ResourceArn", # required
|
@@ -1440,6 +1483,11 @@ module Aws::WAFV2
|
|
1440
1483
|
# },
|
1441
1484
|
# ip_set_reference_statement: {
|
1442
1485
|
# arn: "ResourceArn", # required
|
1486
|
+
# ip_set_forwarded_ip_config: {
|
1487
|
+
# header_name: "ForwardedIPHeaderName", # required
|
1488
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
1489
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
1490
|
+
# },
|
1443
1491
|
# },
|
1444
1492
|
# regex_pattern_set_reference_statement: {
|
1445
1493
|
# arn: "ResourceArn", # required
|
@@ -1470,10 +1518,14 @@ module Aws::WAFV2
|
|
1470
1518
|
# },
|
1471
1519
|
# rate_based_statement: {
|
1472
1520
|
# limit: 1, # required
|
1473
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
1521
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
1474
1522
|
# scope_down_statement: {
|
1475
1523
|
# # recursive Statement
|
1476
1524
|
# },
|
1525
|
+
# forwarded_ip_config: {
|
1526
|
+
# header_name: "ForwardedIPHeaderName", # required
|
1527
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
1528
|
+
# },
|
1477
1529
|
# },
|
1478
1530
|
# and_statement: {
|
1479
1531
|
# statements: [ # required
|
@@ -2367,6 +2419,69 @@ module Aws::WAFV2
|
|
2367
2419
|
include Aws::Structure
|
2368
2420
|
end
|
2369
2421
|
|
2422
|
+
# The configuration for inspecting IP addresses in an HTTP header that
|
2423
|
+
# you specify, instead of using the IP address that's reported by the
|
2424
|
+
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
2425
|
+
# header, but you can specify any header name.
|
2426
|
+
#
|
2427
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
2428
|
+
# doesn't apply the rule to the web request at all.
|
2429
|
+
#
|
2430
|
+
# </note>
|
2431
|
+
#
|
2432
|
+
# This configuration is used for GeoMatchStatement and
|
2433
|
+
# RateBasedStatement. For IPSetReferenceStatement, use
|
2434
|
+
# IPSetForwardedIPConfig instead.
|
2435
|
+
#
|
2436
|
+
# AWS WAF only evaluates the first IP address found in the specified
|
2437
|
+
# HTTP header.
|
2438
|
+
#
|
2439
|
+
# @note When making an API call, you may pass ForwardedIPConfig
|
2440
|
+
# data as a hash:
|
2441
|
+
#
|
2442
|
+
# {
|
2443
|
+
# header_name: "ForwardedIPHeaderName", # required
|
2444
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
2445
|
+
# }
|
2446
|
+
#
|
2447
|
+
# @!attribute [rw] header_name
|
2448
|
+
# The name of the HTTP header to use for the IP address. For example,
|
2449
|
+
# to use the X-Forwarded-For (XFF) header, set this to
|
2450
|
+
# `X-Forwarded-For`.
|
2451
|
+
#
|
2452
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
2453
|
+
# doesn't apply the rule to the web request at all.
|
2454
|
+
#
|
2455
|
+
# </note>
|
2456
|
+
# @return [String]
|
2457
|
+
#
|
2458
|
+
# @!attribute [rw] fallback_behavior
|
2459
|
+
# The match status to assign to the web request if the request
|
2460
|
+
# doesn't have a valid IP address in the specified position.
|
2461
|
+
#
|
2462
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
2463
|
+
# doesn't apply the rule to the web request at all.
|
2464
|
+
#
|
2465
|
+
# </note>
|
2466
|
+
#
|
2467
|
+
# You can specify the following fallback behaviors:
|
2468
|
+
#
|
2469
|
+
# * MATCH - Treat the web request as matching the rule statement. AWS
|
2470
|
+
# WAF applies the rule action to the request.
|
2471
|
+
#
|
2472
|
+
# * NO\_MATCH - Treat the web request as not matching the rule
|
2473
|
+
# statement.
|
2474
|
+
# @return [String]
|
2475
|
+
#
|
2476
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ForwardedIPConfig AWS API Documentation
|
2477
|
+
#
|
2478
|
+
class ForwardedIPConfig < Struct.new(
|
2479
|
+
:header_name,
|
2480
|
+
:fallback_behavior)
|
2481
|
+
SENSITIVE = []
|
2482
|
+
include Aws::Structure
|
2483
|
+
end
|
2484
|
+
|
2370
2485
|
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2371
2486
|
# in November, 2019. For information, including how to migrate your AWS
|
2372
2487
|
# WAF resources from the prior release, see the [AWS WAF Developer
|
@@ -2386,6 +2501,10 @@ module Aws::WAFV2
|
|
2386
2501
|
#
|
2387
2502
|
# {
|
2388
2503
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
2504
|
+
# forwarded_ip_config: {
|
2505
|
+
# header_name: "ForwardedIPHeaderName", # required
|
2506
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
2507
|
+
# },
|
2389
2508
|
# }
|
2390
2509
|
#
|
2391
2510
|
# @!attribute [rw] country_codes
|
@@ -2394,10 +2513,23 @@ module Aws::WAFV2
|
|
2394
2513
|
# standard.
|
2395
2514
|
# @return [Array<String>]
|
2396
2515
|
#
|
2516
|
+
# @!attribute [rw] forwarded_ip_config
|
2517
|
+
# The configuration for inspecting IP addresses in an HTTP header that
|
2518
|
+
# you specify, instead of using the IP address that's reported by the
|
2519
|
+
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
2520
|
+
# header, but you can specify any header name.
|
2521
|
+
#
|
2522
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
2523
|
+
# doesn't apply the rule to the web request at all.
|
2524
|
+
#
|
2525
|
+
# </note>
|
2526
|
+
# @return [Types::ForwardedIPConfig]
|
2527
|
+
#
|
2397
2528
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GeoMatchStatement AWS API Documentation
|
2398
2529
|
#
|
2399
2530
|
class GeoMatchStatement < Struct.new(
|
2400
|
-
:country_codes
|
2531
|
+
:country_codes,
|
2532
|
+
:forwarded_ip_config)
|
2401
2533
|
SENSITIVE = []
|
2402
2534
|
include Aws::Structure
|
2403
2535
|
end
|
@@ -2778,9 +2910,10 @@ module Aws::WAFV2
|
|
2778
2910
|
# @!attribute [rw] time_window
|
2779
2911
|
# The start date and time and the end date and time of the range for
|
2780
2912
|
# which you want `GetSampledRequests` to return a sample of requests.
|
2781
|
-
#
|
2782
|
-
#
|
2783
|
-
#
|
2913
|
+
# You must specify the times in Coordinated Universal Time (UTC)
|
2914
|
+
# format. UTC format includes the special designator, `Z`. For
|
2915
|
+
# example, `"2016-09-27T14:50Z"`. You can specify any time range in
|
2916
|
+
# the previous three hours.
|
2784
2917
|
# @return [Types::TimeWindow]
|
2785
2918
|
#
|
2786
2919
|
# @!attribute [rw] max_items
|
@@ -2820,7 +2953,8 @@ module Aws::WAFV2
|
|
2820
2953
|
# `GetSampledRequests` request. However, if your AWS resource received
|
2821
2954
|
# more than 5,000 requests during the time range that you specified in
|
2822
2955
|
# the request, `GetSampledRequests` returns the time range for the
|
2823
|
-
# first 5,000 requests.
|
2956
|
+
# first 5,000 requests. Times are in Coordinated Universal Time (UTC)
|
2957
|
+
# format.
|
2824
2958
|
# @return [Types::TimeWindow]
|
2825
2959
|
#
|
2826
2960
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetSampledRequestsResponse AWS API Documentation
|
@@ -3130,6 +3264,88 @@ module Aws::WAFV2
|
|
3130
3264
|
include Aws::Structure
|
3131
3265
|
end
|
3132
3266
|
|
3267
|
+
# The configuration for inspecting IP addresses in an HTTP header that
|
3268
|
+
# you specify, instead of using the IP address that's reported by the
|
3269
|
+
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
3270
|
+
# header, but you can specify any header name.
|
3271
|
+
#
|
3272
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
3273
|
+
# doesn't apply the rule to the web request at all.
|
3274
|
+
#
|
3275
|
+
# </note>
|
3276
|
+
#
|
3277
|
+
# This configuration is used only for IPSetReferenceStatement. For
|
3278
|
+
# GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig
|
3279
|
+
# instead.
|
3280
|
+
#
|
3281
|
+
# @note When making an API call, you may pass IPSetForwardedIPConfig
|
3282
|
+
# data as a hash:
|
3283
|
+
#
|
3284
|
+
# {
|
3285
|
+
# header_name: "ForwardedIPHeaderName", # required
|
3286
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
3287
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
3288
|
+
# }
|
3289
|
+
#
|
3290
|
+
# @!attribute [rw] header_name
|
3291
|
+
# The name of the HTTP header to use for the IP address. For example,
|
3292
|
+
# to use the X-Forwarded-For (XFF) header, set this to
|
3293
|
+
# `X-Forwarded-For`.
|
3294
|
+
#
|
3295
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
3296
|
+
# doesn't apply the rule to the web request at all.
|
3297
|
+
#
|
3298
|
+
# </note>
|
3299
|
+
# @return [String]
|
3300
|
+
#
|
3301
|
+
# @!attribute [rw] fallback_behavior
|
3302
|
+
# The match status to assign to the web request if the request
|
3303
|
+
# doesn't have a valid IP address in the specified position.
|
3304
|
+
#
|
3305
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
3306
|
+
# doesn't apply the rule to the web request at all.
|
3307
|
+
#
|
3308
|
+
# </note>
|
3309
|
+
#
|
3310
|
+
# You can specify the following fallback behaviors:
|
3311
|
+
#
|
3312
|
+
# * MATCH - Treat the web request as matching the rule statement. AWS
|
3313
|
+
# WAF applies the rule action to the request.
|
3314
|
+
#
|
3315
|
+
# * NO\_MATCH - Treat the web request as not matching the rule
|
3316
|
+
# statement.
|
3317
|
+
# @return [String]
|
3318
|
+
#
|
3319
|
+
# @!attribute [rw] position
|
3320
|
+
# The position in the header to search for the IP address. The header
|
3321
|
+
# can contain IP addresses of the original client and also of proxies.
|
3322
|
+
# For example, the header value could be `10.1.1.1, 127.0.0.0,
|
3323
|
+
# 10.10.10.10` where the first IP address identifies the original
|
3324
|
+
# client and the rest identify proxies that the request went through.
|
3325
|
+
#
|
3326
|
+
# The options for this setting are the following:
|
3327
|
+
#
|
3328
|
+
# * FIRST - Inspect the first IP address in the list of IP addresses
|
3329
|
+
# in the header. This is usually the client's original IP.
|
3330
|
+
#
|
3331
|
+
# * LAST - Inspect the last IP address in the list of IP addresses in
|
3332
|
+
# the header.
|
3333
|
+
#
|
3334
|
+
# * ANY - Inspect all IP addresses in the header for a match. If the
|
3335
|
+
# header contains more than 10 IP addresses, AWS WAF inspects the
|
3336
|
+
# last 10.
|
3337
|
+
# @return [String]
|
3338
|
+
#
|
3339
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetForwardedIPConfig AWS API Documentation
|
3340
|
+
#
|
3341
|
+
class IPSetForwardedIPConfig < Struct.new(
|
3342
|
+
:header_name,
|
3343
|
+
:fallback_behavior,
|
3344
|
+
:position)
|
3345
|
+
SENSITIVE = []
|
3346
|
+
include Aws::Structure
|
3347
|
+
end
|
3348
|
+
|
3133
3349
|
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
3134
3350
|
# in November, 2019. For information, including how to migrate your AWS
|
3135
3351
|
# WAF resources from the prior release, see the [AWS WAF Developer
|
@@ -3156,6 +3372,11 @@ module Aws::WAFV2
|
|
3156
3372
|
#
|
3157
3373
|
# {
|
3158
3374
|
# arn: "ResourceArn", # required
|
3375
|
+
# ip_set_forwarded_ip_config: {
|
3376
|
+
# header_name: "ForwardedIPHeaderName", # required
|
3377
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
3378
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
3379
|
+
# },
|
3159
3380
|
# }
|
3160
3381
|
#
|
3161
3382
|
# @!attribute [rw] arn
|
@@ -3163,10 +3384,23 @@ module Aws::WAFV2
|
|
3163
3384
|
# references.
|
3164
3385
|
# @return [String]
|
3165
3386
|
#
|
3387
|
+
# @!attribute [rw] ip_set_forwarded_ip_config
|
3388
|
+
# The configuration for inspecting IP addresses in an HTTP header that
|
3389
|
+
# you specify, instead of using the IP address that's reported by the
|
3390
|
+
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
3391
|
+
# header, but you can specify any header name.
|
3392
|
+
#
|
3393
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
3394
|
+
# doesn't apply the rule to the web request at all.
|
3395
|
+
#
|
3396
|
+
# </note>
|
3397
|
+
# @return [Types::IPSetForwardedIPConfig]
|
3398
|
+
#
|
3166
3399
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetReferenceStatement AWS API Documentation
|
3167
3400
|
#
|
3168
3401
|
class IPSetReferenceStatement < Struct.new(
|
3169
|
-
:arn
|
3402
|
+
:arn,
|
3403
|
+
:ip_set_forwarded_ip_config)
|
3170
3404
|
SENSITIVE = []
|
3171
3405
|
include Aws::Structure
|
3172
3406
|
end
|
@@ -3782,6 +4016,7 @@ module Aws::WAFV2
|
|
3782
4016
|
# },
|
3783
4017
|
# },
|
3784
4018
|
# ],
|
4019
|
+
# managed_by_firewall_manager: false,
|
3785
4020
|
# }
|
3786
4021
|
#
|
3787
4022
|
# @!attribute [rw] resource_arn
|
@@ -3796,16 +4031,28 @@ module Aws::WAFV2
|
|
3796
4031
|
#
|
3797
4032
|
# @!attribute [rw] redacted_fields
|
3798
4033
|
# The parts of the request that you want to keep out of the logs. For
|
3799
|
-
# example, if you redact the
|
4034
|
+
# example, if you redact the `HEADER` field, the `HEADER` field in the
|
3800
4035
|
# firehose will be `xxx`.
|
4036
|
+
#
|
4037
|
+
# <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
|
4038
|
+
# `HEADER`, or `METHOD`.
|
4039
|
+
#
|
4040
|
+
# </note>
|
3801
4041
|
# @return [Array<Types::FieldToMatch>]
|
3802
4042
|
#
|
4043
|
+
# @!attribute [rw] managed_by_firewall_manager
|
4044
|
+
# Indicates whether the logging configuration was created by AWS
|
4045
|
+
# Firewall Manager, as part of an AWS WAF policy configuration. If
|
4046
|
+
# true, only Firewall Manager can modify or delete the configuration.
|
4047
|
+
# @return [Boolean]
|
4048
|
+
#
|
3803
4049
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/LoggingConfiguration AWS API Documentation
|
3804
4050
|
#
|
3805
4051
|
class LoggingConfiguration < Struct.new(
|
3806
4052
|
:resource_arn,
|
3807
4053
|
:log_destination_configs,
|
3808
|
-
:redacted_fields
|
4054
|
+
:redacted_fields,
|
4055
|
+
:managed_by_firewall_manager)
|
3809
4056
|
SENSITIVE = []
|
3810
4057
|
include Aws::Structure
|
3811
4058
|
end
|
@@ -4089,6 +4336,10 @@ module Aws::WAFV2
|
|
4089
4336
|
# },
|
4090
4337
|
# geo_match_statement: {
|
4091
4338
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
4339
|
+
# forwarded_ip_config: {
|
4340
|
+
# header_name: "ForwardedIPHeaderName", # required
|
4341
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
4342
|
+
# },
|
4092
4343
|
# },
|
4093
4344
|
# rule_group_reference_statement: {
|
4094
4345
|
# arn: "ResourceArn", # required
|
@@ -4100,6 +4351,11 @@ module Aws::WAFV2
|
|
4100
4351
|
# },
|
4101
4352
|
# ip_set_reference_statement: {
|
4102
4353
|
# arn: "ResourceArn", # required
|
4354
|
+
# ip_set_forwarded_ip_config: {
|
4355
|
+
# header_name: "ForwardedIPHeaderName", # required
|
4356
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
4357
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
4358
|
+
# },
|
4103
4359
|
# },
|
4104
4360
|
# regex_pattern_set_reference_statement: {
|
4105
4361
|
# arn: "ResourceArn", # required
|
@@ -4130,10 +4386,14 @@ module Aws::WAFV2
|
|
4130
4386
|
# },
|
4131
4387
|
# rate_based_statement: {
|
4132
4388
|
# limit: 1, # required
|
4133
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
4389
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
4134
4390
|
# scope_down_statement: {
|
4135
4391
|
# # recursive Statement
|
4136
4392
|
# },
|
4393
|
+
# forwarded_ip_config: {
|
4394
|
+
# header_name: "ForwardedIPHeaderName", # required
|
4395
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
4396
|
+
# },
|
4137
4397
|
# },
|
4138
4398
|
# and_statement: {
|
4139
4399
|
# statements: [ # required
|
@@ -4309,6 +4569,10 @@ module Aws::WAFV2
|
|
4309
4569
|
# },
|
4310
4570
|
# geo_match_statement: {
|
4311
4571
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
4572
|
+
# forwarded_ip_config: {
|
4573
|
+
# header_name: "ForwardedIPHeaderName", # required
|
4574
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
4575
|
+
# },
|
4312
4576
|
# },
|
4313
4577
|
# rule_group_reference_statement: {
|
4314
4578
|
# arn: "ResourceArn", # required
|
@@ -4320,6 +4584,11 @@ module Aws::WAFV2
|
|
4320
4584
|
# },
|
4321
4585
|
# ip_set_reference_statement: {
|
4322
4586
|
# arn: "ResourceArn", # required
|
4587
|
+
# ip_set_forwarded_ip_config: {
|
4588
|
+
# header_name: "ForwardedIPHeaderName", # required
|
4589
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
4590
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
4591
|
+
# },
|
4323
4592
|
# },
|
4324
4593
|
# regex_pattern_set_reference_statement: {
|
4325
4594
|
# arn: "ResourceArn", # required
|
@@ -4350,10 +4619,14 @@ module Aws::WAFV2
|
|
4350
4619
|
# },
|
4351
4620
|
# rate_based_statement: {
|
4352
4621
|
# limit: 1, # required
|
4353
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
4622
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
4354
4623
|
# scope_down_statement: {
|
4355
4624
|
# # recursive Statement
|
4356
4625
|
# },
|
4626
|
+
# forwarded_ip_config: {
|
4627
|
+
# header_name: "ForwardedIPHeaderName", # required
|
4628
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
4629
|
+
# },
|
4357
4630
|
# },
|
4358
4631
|
# and_statement: {
|
4359
4632
|
# statements: { # required
|
@@ -4467,6 +4740,7 @@ module Aws::WAFV2
|
|
4467
4740
|
# },
|
4468
4741
|
# },
|
4469
4742
|
# ],
|
4743
|
+
# managed_by_firewall_manager: false,
|
4470
4744
|
# },
|
4471
4745
|
# }
|
4472
4746
|
#
|
@@ -4616,7 +4890,7 @@ module Aws::WAFV2
|
|
4616
4890
|
#
|
4617
4891
|
# {
|
4618
4892
|
# limit: 1, # required
|
4619
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
4893
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
4620
4894
|
# scope_down_statement: {
|
4621
4895
|
# byte_match_statement: {
|
4622
4896
|
# search_string: "data", # required
|
@@ -4728,6 +5002,10 @@ module Aws::WAFV2
|
|
4728
5002
|
# },
|
4729
5003
|
# geo_match_statement: {
|
4730
5004
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
5005
|
+
# forwarded_ip_config: {
|
5006
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5007
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5008
|
+
# },
|
4731
5009
|
# },
|
4732
5010
|
# rule_group_reference_statement: {
|
4733
5011
|
# arn: "ResourceArn", # required
|
@@ -4739,6 +5017,11 @@ module Aws::WAFV2
|
|
4739
5017
|
# },
|
4740
5018
|
# ip_set_reference_statement: {
|
4741
5019
|
# arn: "ResourceArn", # required
|
5020
|
+
# ip_set_forwarded_ip_config: {
|
5021
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5022
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5023
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
5024
|
+
# },
|
4742
5025
|
# },
|
4743
5026
|
# regex_pattern_set_reference_statement: {
|
4744
5027
|
# arn: "ResourceArn", # required
|
@@ -4769,10 +5052,14 @@ module Aws::WAFV2
|
|
4769
5052
|
# },
|
4770
5053
|
# rate_based_statement: {
|
4771
5054
|
# limit: 1, # required
|
4772
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
5055
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
4773
5056
|
# scope_down_statement: {
|
4774
5057
|
# # recursive Statement
|
4775
5058
|
# },
|
5059
|
+
# forwarded_ip_config: {
|
5060
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5061
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5062
|
+
# },
|
4776
5063
|
# },
|
4777
5064
|
# and_statement: {
|
4778
5065
|
# statements: [ # required
|
@@ -4803,18 +5090,28 @@ module Aws::WAFV2
|
|
4803
5090
|
# ],
|
4804
5091
|
# },
|
4805
5092
|
# },
|
5093
|
+
# forwarded_ip_config: {
|
5094
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5095
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5096
|
+
# },
|
4806
5097
|
# }
|
4807
5098
|
#
|
4808
5099
|
# @!attribute [rw] limit
|
4809
5100
|
# The limit on requests per 5-minute period for a single originating
|
4810
|
-
# IP address. If the statement includes a `
|
5101
|
+
# IP address. If the statement includes a `ScopeDownStatement`, this
|
4811
5102
|
# limit is applied only to the requests that match the statement.
|
4812
5103
|
# @return [Integer]
|
4813
5104
|
#
|
4814
5105
|
# @!attribute [rw] aggregate_key_type
|
4815
|
-
# Setting that indicates how to aggregate the request counts.
|
4816
|
-
#
|
4817
|
-
#
|
5106
|
+
# Setting that indicates how to aggregate the request counts. The
|
5107
|
+
# options are the following:
|
5108
|
+
#
|
5109
|
+
# * IP - Aggregate the request counts on the IP address from the web
|
5110
|
+
# request origin.
|
5111
|
+
#
|
5112
|
+
# * FORWARDED\_IP - Aggregate the request counts on the first IP
|
5113
|
+
# address in an HTTP header. If you use this, configure the
|
5114
|
+
# `ForwardedIPConfig`, to specify the header to use.
|
4818
5115
|
# @return [String]
|
4819
5116
|
#
|
4820
5117
|
# @!attribute [rw] scope_down_statement
|
@@ -4824,12 +5121,27 @@ module Aws::WAFV2
|
|
4824
5121
|
# this scope-down statement.
|
4825
5122
|
# @return [Types::Statement]
|
4826
5123
|
#
|
5124
|
+
# @!attribute [rw] forwarded_ip_config
|
5125
|
+
# The configuration for inspecting IP addresses in an HTTP header that
|
5126
|
+
# you specify, instead of using the IP address that's reported by the
|
5127
|
+
# web request origin. Commonly, this is the X-Forwarded-For (XFF)
|
5128
|
+
# header, but you can specify any header name.
|
5129
|
+
#
|
5130
|
+
# <note markdown="1"> If the specified header isn't present in the request, AWS WAF
|
5131
|
+
# doesn't apply the rule to the web request at all.
|
5132
|
+
#
|
5133
|
+
# </note>
|
5134
|
+
#
|
5135
|
+
# This is required if `AggregateKeyType` is set to `FORWARDED_IP`.
|
5136
|
+
# @return [Types::ForwardedIPConfig]
|
5137
|
+
#
|
4827
5138
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateBasedStatement AWS API Documentation
|
4828
5139
|
#
|
4829
5140
|
class RateBasedStatement < Struct.new(
|
4830
5141
|
:limit,
|
4831
5142
|
:aggregate_key_type,
|
4832
|
-
:scope_down_statement
|
5143
|
+
:scope_down_statement,
|
5144
|
+
:forwarded_ip_config)
|
4833
5145
|
SENSITIVE = []
|
4834
5146
|
include Aws::Structure
|
4835
5147
|
end
|
@@ -5228,6 +5540,10 @@ module Aws::WAFV2
|
|
5228
5540
|
# },
|
5229
5541
|
# geo_match_statement: {
|
5230
5542
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
5543
|
+
# forwarded_ip_config: {
|
5544
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5545
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5546
|
+
# },
|
5231
5547
|
# },
|
5232
5548
|
# rule_group_reference_statement: {
|
5233
5549
|
# arn: "ResourceArn", # required
|
@@ -5239,6 +5555,11 @@ module Aws::WAFV2
|
|
5239
5555
|
# },
|
5240
5556
|
# ip_set_reference_statement: {
|
5241
5557
|
# arn: "ResourceArn", # required
|
5558
|
+
# ip_set_forwarded_ip_config: {
|
5559
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5560
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5561
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
5562
|
+
# },
|
5242
5563
|
# },
|
5243
5564
|
# regex_pattern_set_reference_statement: {
|
5244
5565
|
# arn: "ResourceArn", # required
|
@@ -5269,10 +5590,14 @@ module Aws::WAFV2
|
|
5269
5590
|
# },
|
5270
5591
|
# rate_based_statement: {
|
5271
5592
|
# limit: 1, # required
|
5272
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
5593
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
5273
5594
|
# scope_down_statement: {
|
5274
5595
|
# # recursive Statement
|
5275
5596
|
# },
|
5597
|
+
# forwarded_ip_config: {
|
5598
|
+
# header_name: "ForwardedIPHeaderName", # required
|
5599
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
5600
|
+
# },
|
5276
5601
|
# },
|
5277
5602
|
# and_statement: {
|
5278
5603
|
# statements: [ # required
|
@@ -5728,7 +6053,7 @@ module Aws::WAFV2
|
|
5728
6053
|
# groups, the format for this name is `<vendor name>#<managed rule
|
5729
6054
|
# group name>#<rule name>`. For your own rule groups, the format for
|
5730
6055
|
# this name is `<rule group name>#<rule name>`. If the rule is not in
|
5731
|
-
# a rule group,
|
6056
|
+
# a rule group, this field is absent.
|
5732
6057
|
# @return [String]
|
5733
6058
|
#
|
5734
6059
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
|
@@ -6106,6 +6431,10 @@ module Aws::WAFV2
|
|
6106
6431
|
# },
|
6107
6432
|
# geo_match_statement: {
|
6108
6433
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
6434
|
+
# forwarded_ip_config: {
|
6435
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6436
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6437
|
+
# },
|
6109
6438
|
# },
|
6110
6439
|
# rule_group_reference_statement: {
|
6111
6440
|
# arn: "ResourceArn", # required
|
@@ -6117,6 +6446,11 @@ module Aws::WAFV2
|
|
6117
6446
|
# },
|
6118
6447
|
# ip_set_reference_statement: {
|
6119
6448
|
# arn: "ResourceArn", # required
|
6449
|
+
# ip_set_forwarded_ip_config: {
|
6450
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6451
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6452
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
6453
|
+
# },
|
6120
6454
|
# },
|
6121
6455
|
# regex_pattern_set_reference_statement: {
|
6122
6456
|
# arn: "ResourceArn", # required
|
@@ -6147,7 +6481,7 @@ module Aws::WAFV2
|
|
6147
6481
|
# },
|
6148
6482
|
# rate_based_statement: {
|
6149
6483
|
# limit: 1, # required
|
6150
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
6484
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
6151
6485
|
# scope_down_statement: {
|
6152
6486
|
# byte_match_statement: {
|
6153
6487
|
# search_string: "data", # required
|
@@ -6259,6 +6593,10 @@ module Aws::WAFV2
|
|
6259
6593
|
# },
|
6260
6594
|
# geo_match_statement: {
|
6261
6595
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
6596
|
+
# forwarded_ip_config: {
|
6597
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6598
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6599
|
+
# },
|
6262
6600
|
# },
|
6263
6601
|
# rule_group_reference_statement: {
|
6264
6602
|
# arn: "ResourceArn", # required
|
@@ -6270,6 +6608,11 @@ module Aws::WAFV2
|
|
6270
6608
|
# },
|
6271
6609
|
# ip_set_reference_statement: {
|
6272
6610
|
# arn: "ResourceArn", # required
|
6611
|
+
# ip_set_forwarded_ip_config: {
|
6612
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6613
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6614
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
6615
|
+
# },
|
6273
6616
|
# },
|
6274
6617
|
# regex_pattern_set_reference_statement: {
|
6275
6618
|
# arn: "ResourceArn", # required
|
@@ -6330,6 +6673,10 @@ module Aws::WAFV2
|
|
6330
6673
|
# ],
|
6331
6674
|
# },
|
6332
6675
|
# },
|
6676
|
+
# forwarded_ip_config: {
|
6677
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6678
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6679
|
+
# },
|
6333
6680
|
# },
|
6334
6681
|
# and_statement: {
|
6335
6682
|
# statements: [ # required
|
@@ -6444,6 +6791,10 @@ module Aws::WAFV2
|
|
6444
6791
|
# },
|
6445
6792
|
# geo_match_statement: {
|
6446
6793
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
6794
|
+
# forwarded_ip_config: {
|
6795
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6796
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6797
|
+
# },
|
6447
6798
|
# },
|
6448
6799
|
# rule_group_reference_statement: {
|
6449
6800
|
# arn: "ResourceArn", # required
|
@@ -6455,6 +6806,11 @@ module Aws::WAFV2
|
|
6455
6806
|
# },
|
6456
6807
|
# ip_set_reference_statement: {
|
6457
6808
|
# arn: "ResourceArn", # required
|
6809
|
+
# ip_set_forwarded_ip_config: {
|
6810
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6811
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6812
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
6813
|
+
# },
|
6458
6814
|
# },
|
6459
6815
|
# regex_pattern_set_reference_statement: {
|
6460
6816
|
# arn: "ResourceArn", # required
|
@@ -6485,10 +6841,14 @@ module Aws::WAFV2
|
|
6485
6841
|
# },
|
6486
6842
|
# rate_based_statement: {
|
6487
6843
|
# limit: 1, # required
|
6488
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
6844
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
6489
6845
|
# scope_down_statement: {
|
6490
6846
|
# # recursive Statement
|
6491
6847
|
# },
|
6848
|
+
# forwarded_ip_config: {
|
6849
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6850
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6851
|
+
# },
|
6492
6852
|
# },
|
6493
6853
|
# and_statement: {
|
6494
6854
|
# # recursive AndStatement
|
@@ -6628,6 +6988,10 @@ module Aws::WAFV2
|
|
6628
6988
|
# },
|
6629
6989
|
# geo_match_statement: {
|
6630
6990
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
6991
|
+
# forwarded_ip_config: {
|
6992
|
+
# header_name: "ForwardedIPHeaderName", # required
|
6993
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
6994
|
+
# },
|
6631
6995
|
# },
|
6632
6996
|
# rule_group_reference_statement: {
|
6633
6997
|
# arn: "ResourceArn", # required
|
@@ -6639,6 +7003,11 @@ module Aws::WAFV2
|
|
6639
7003
|
# },
|
6640
7004
|
# ip_set_reference_statement: {
|
6641
7005
|
# arn: "ResourceArn", # required
|
7006
|
+
# ip_set_forwarded_ip_config: {
|
7007
|
+
# header_name: "ForwardedIPHeaderName", # required
|
7008
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
7009
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
7010
|
+
# },
|
6642
7011
|
# },
|
6643
7012
|
# regex_pattern_set_reference_statement: {
|
6644
7013
|
# arn: "ResourceArn", # required
|
@@ -6669,10 +7038,14 @@ module Aws::WAFV2
|
|
6669
7038
|
# },
|
6670
7039
|
# rate_based_statement: {
|
6671
7040
|
# limit: 1, # required
|
6672
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
7041
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
6673
7042
|
# scope_down_statement: {
|
6674
7043
|
# # recursive Statement
|
6675
7044
|
# },
|
7045
|
+
# forwarded_ip_config: {
|
7046
|
+
# header_name: "ForwardedIPHeaderName", # required
|
7047
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
7048
|
+
# },
|
6676
7049
|
# },
|
6677
7050
|
# and_statement: {
|
6678
7051
|
# statements: { # required
|
@@ -6811,6 +7184,10 @@ module Aws::WAFV2
|
|
6811
7184
|
# },
|
6812
7185
|
# geo_match_statement: {
|
6813
7186
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
7187
|
+
# forwarded_ip_config: {
|
7188
|
+
# header_name: "ForwardedIPHeaderName", # required
|
7189
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
7190
|
+
# },
|
6814
7191
|
# },
|
6815
7192
|
# rule_group_reference_statement: {
|
6816
7193
|
# arn: "ResourceArn", # required
|
@@ -6822,6 +7199,11 @@ module Aws::WAFV2
|
|
6822
7199
|
# },
|
6823
7200
|
# ip_set_reference_statement: {
|
6824
7201
|
# arn: "ResourceArn", # required
|
7202
|
+
# ip_set_forwarded_ip_config: {
|
7203
|
+
# header_name: "ForwardedIPHeaderName", # required
|
7204
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
7205
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
7206
|
+
# },
|
6825
7207
|
# },
|
6826
7208
|
# regex_pattern_set_reference_statement: {
|
6827
7209
|
# arn: "ResourceArn", # required
|
@@ -6852,10 +7234,14 @@ module Aws::WAFV2
|
|
6852
7234
|
# },
|
6853
7235
|
# rate_based_statement: {
|
6854
7236
|
# limit: 1, # required
|
6855
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
7237
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
6856
7238
|
# scope_down_statement: {
|
6857
7239
|
# # recursive Statement
|
6858
7240
|
# },
|
7241
|
+
# forwarded_ip_config: {
|
7242
|
+
# header_name: "ForwardedIPHeaderName", # required
|
7243
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
7244
|
+
# },
|
6859
7245
|
# },
|
6860
7246
|
# and_statement: {
|
6861
7247
|
# statements: [ # required
|
@@ -7079,12 +7465,19 @@ module Aws::WAFV2
|
|
7079
7465
|
#
|
7080
7466
|
# </note>
|
7081
7467
|
#
|
7082
|
-
# A
|
7083
|
-
#
|
7084
|
-
#
|
7085
|
-
#
|
7086
|
-
#
|
7087
|
-
#
|
7468
|
+
# A tag associated with an AWS resource. Tags are key:value pairs that
|
7469
|
+
# you can use to categorize and manage your resources, for purposes like
|
7470
|
+
# billing or other management. Typically, the tag key represents a
|
7471
|
+
# category, such as "environment", and the tag value represents a
|
7472
|
+
# specific value within that category, such as "test,"
|
7473
|
+
# "development," or "production". Or you might set the tag key to
|
7474
|
+
# "customer" and the value to the customer name or ID. You can specify
|
7475
|
+
# one or more tags to add to each AWS resource, up to 50 tags for a
|
7476
|
+
# resource.
|
7477
|
+
#
|
7478
|
+
# You can tag the AWS resources that you manage through AWS WAF: web
|
7479
|
+
# ACLs, rule groups, IP sets, and regex pattern sets. You can't manage
|
7480
|
+
# or view tags through the AWS WAF console.
|
7088
7481
|
#
|
7089
7482
|
#
|
7090
7483
|
#
|
@@ -7126,7 +7519,19 @@ module Aws::WAFV2
|
|
7126
7519
|
#
|
7127
7520
|
# </note>
|
7128
7521
|
#
|
7129
|
-
# The collection of tagging definitions for an AWS resource.
|
7522
|
+
# The collection of tagging definitions for an AWS resource. Tags are
|
7523
|
+
# key:value pairs that you can use to categorize and manage your
|
7524
|
+
# resources, for purposes like billing or other management. Typically,
|
7525
|
+
# the tag key represents a category, such as "environment", and the
|
7526
|
+
# tag value represents a specific value within that category, such as
|
7527
|
+
# "test," "development," or "production". Or you might set the tag
|
7528
|
+
# key to "customer" and the value to the customer name or ID. You can
|
7529
|
+
# specify one or more tags to add to each AWS resource, up to 50 tags
|
7530
|
+
# for a resource.
|
7531
|
+
#
|
7532
|
+
# You can tag the AWS resources that you manage through AWS WAF: web
|
7533
|
+
# ACLs, rule groups, IP sets, and regex pattern sets. You can't manage
|
7534
|
+
# or view tags through the AWS WAF console.
|
7130
7535
|
#
|
7131
7536
|
#
|
7132
7537
|
#
|
@@ -7305,6 +7710,11 @@ module Aws::WAFV2
|
|
7305
7710
|
# specify the time range for which you want AWS WAF to return a sample
|
7306
7711
|
# of web requests.
|
7307
7712
|
#
|
7713
|
+
# You must specify the times in Coordinated Universal Time (UTC) format.
|
7714
|
+
# UTC format includes the special designator, `Z`. For example,
|
7715
|
+
# `"2016-09-27T14:50Z"`. You can specify any time range in the previous
|
7716
|
+
# three hours.
|
7717
|
+
#
|
7308
7718
|
# In a GetSampledRequests response, the `StartTime` and `EndTime`
|
7309
7719
|
# objects specify the time range for which AWS WAF actually returned a
|
7310
7720
|
# sample of web requests. AWS WAF gets the specified number of requests
|
@@ -7329,17 +7739,19 @@ module Aws::WAFV2
|
|
7329
7739
|
# @!attribute [rw] start_time
|
7330
7740
|
# The beginning of the time range from which you want
|
7331
7741
|
# `GetSampledRequests` to return a sample of the requests that your
|
7332
|
-
# AWS resource received.
|
7333
|
-
#
|
7334
|
-
#
|
7742
|
+
# AWS resource received. You must specify the times in Coordinated
|
7743
|
+
# Universal Time (UTC) format. UTC format includes the special
|
7744
|
+
# designator, `Z`. For example, `"2016-09-27T14:50Z"`. You can specify
|
7745
|
+
# any time range in the previous three hours.
|
7335
7746
|
# @return [Time]
|
7336
7747
|
#
|
7337
7748
|
# @!attribute [rw] end_time
|
7338
7749
|
# The end of the time range from which you want `GetSampledRequests`
|
7339
7750
|
# to return a sample of the requests that your AWS resource received.
|
7340
|
-
#
|
7341
|
-
#
|
7342
|
-
#
|
7751
|
+
# You must specify the times in Coordinated Universal Time (UTC)
|
7752
|
+
# format. UTC format includes the special designator, `Z`. For
|
7753
|
+
# example, `"2016-09-27T14:50Z"`. You can specify any time range in
|
7754
|
+
# the previous three hours.
|
7343
7755
|
# @return [Time]
|
7344
7756
|
#
|
7345
7757
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TimeWindow AWS API Documentation
|
@@ -7708,6 +8120,10 @@ module Aws::WAFV2
|
|
7708
8120
|
# },
|
7709
8121
|
# geo_match_statement: {
|
7710
8122
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
8123
|
+
# forwarded_ip_config: {
|
8124
|
+
# header_name: "ForwardedIPHeaderName", # required
|
8125
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
8126
|
+
# },
|
7711
8127
|
# },
|
7712
8128
|
# rule_group_reference_statement: {
|
7713
8129
|
# arn: "ResourceArn", # required
|
@@ -7719,6 +8135,11 @@ module Aws::WAFV2
|
|
7719
8135
|
# },
|
7720
8136
|
# ip_set_reference_statement: {
|
7721
8137
|
# arn: "ResourceArn", # required
|
8138
|
+
# ip_set_forwarded_ip_config: {
|
8139
|
+
# header_name: "ForwardedIPHeaderName", # required
|
8140
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
8141
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
8142
|
+
# },
|
7722
8143
|
# },
|
7723
8144
|
# regex_pattern_set_reference_statement: {
|
7724
8145
|
# arn: "ResourceArn", # required
|
@@ -7749,10 +8170,14 @@ module Aws::WAFV2
|
|
7749
8170
|
# },
|
7750
8171
|
# rate_based_statement: {
|
7751
8172
|
# limit: 1, # required
|
7752
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
8173
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
7753
8174
|
# scope_down_statement: {
|
7754
8175
|
# # recursive Statement
|
7755
8176
|
# },
|
8177
|
+
# forwarded_ip_config: {
|
8178
|
+
# header_name: "ForwardedIPHeaderName", # required
|
8179
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
8180
|
+
# },
|
7756
8181
|
# },
|
7757
8182
|
# and_statement: {
|
7758
8183
|
# statements: [ # required
|
@@ -8023,6 +8448,10 @@ module Aws::WAFV2
|
|
8023
8448
|
# },
|
8024
8449
|
# geo_match_statement: {
|
8025
8450
|
# country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
|
8451
|
+
# forwarded_ip_config: {
|
8452
|
+
# header_name: "ForwardedIPHeaderName", # required
|
8453
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
8454
|
+
# },
|
8026
8455
|
# },
|
8027
8456
|
# rule_group_reference_statement: {
|
8028
8457
|
# arn: "ResourceArn", # required
|
@@ -8034,6 +8463,11 @@ module Aws::WAFV2
|
|
8034
8463
|
# },
|
8035
8464
|
# ip_set_reference_statement: {
|
8036
8465
|
# arn: "ResourceArn", # required
|
8466
|
+
# ip_set_forwarded_ip_config: {
|
8467
|
+
# header_name: "ForwardedIPHeaderName", # required
|
8468
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
8469
|
+
# position: "FIRST", # required, accepts FIRST, LAST, ANY
|
8470
|
+
# },
|
8037
8471
|
# },
|
8038
8472
|
# regex_pattern_set_reference_statement: {
|
8039
8473
|
# arn: "ResourceArn", # required
|
@@ -8064,10 +8498,14 @@ module Aws::WAFV2
|
|
8064
8498
|
# },
|
8065
8499
|
# rate_based_statement: {
|
8066
8500
|
# limit: 1, # required
|
8067
|
-
# aggregate_key_type: "IP", # required, accepts IP
|
8501
|
+
# aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
|
8068
8502
|
# scope_down_statement: {
|
8069
8503
|
# # recursive Statement
|
8070
8504
|
# },
|
8505
|
+
# forwarded_ip_config: {
|
8506
|
+
# header_name: "ForwardedIPHeaderName", # required
|
8507
|
+
# fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
|
8508
|
+
# },
|
8071
8509
|
# },
|
8072
8510
|
# and_statement: {
|
8073
8511
|
# statements: [ # required
|
@@ -8279,11 +8717,11 @@ module Aws::WAFV2
|
|
8279
8717
|
# @return [Boolean]
|
8280
8718
|
#
|
8281
8719
|
# @!attribute [rw] metric_name
|
8282
|
-
# A name of the CloudWatch metric. The name can contain only
|
8283
|
-
#
|
8284
|
-
# characters. It can't contain whitespace
|
8285
|
-
# for AWS WAF, for example "All" and
|
8286
|
-
#
|
8720
|
+
# A name of the CloudWatch metric. The name can contain only the
|
8721
|
+
# characters: A-Z, a-z, 0-9, - (hyphen), and \_ (underscore). The name
|
8722
|
+
# can be from one to 128 characters long. It can't contain whitespace
|
8723
|
+
# or metric names reserved for AWS WAF, for example "All" and
|
8724
|
+
# "Default\_Action."
|
8287
8725
|
# @return [String]
|
8288
8726
|
#
|
8289
8727
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/VisibilityConfig AWS API Documentation
|