aws-sdk-wafv2 1.68.0 → 1.69.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55bfda004eba480991c75c6b64ae9e27a276f5634a2a642a5fb5250b1b528c75
-  data.tar.gz: 6be1ea7c0b782202a5eeb080fc572df75da8fb2c56cb16d886ce65fa6ed2aaad
+  metadata.gz: f159993614dfc0b2e74f8acfc8e623dfbfd72392d54952ee2b572700b39da53e
+  data.tar.gz: 3e35418199afa443c85d88ac64daaf5487aa92966c4e978d8429974d935976b1
 SHA512:
-  metadata.gz: 0ede4328b57c11dfdc743583e0ebff19b960a04426ffaf0b8b35d975e68b4e53eff3272e3e979583eaa286ad09adec2a69b5c78f8ea981b66683d80687789403
-  data.tar.gz: ae1f655544dd8bb38e75cde4079ff7bc9bb75abb57abdd6b81e3377e7ad68dd31dd46a6c2650b508872672c07dfaf087369e89dc4f874620c4fdafa578195c8d
+  metadata.gz: 1843c4c836d7d3db31c5b161b4ada940e32acf1b9281a5500d5e1c25be4403662652423888df27c97d525ed78a1baffaaaaae09196050072cbec76760b37266a
+  data.tar.gz: 5328f18b64890f79f90e151910bcc3639a9a5e6e5e742e33054f795e13e9b257e6a89be75373a88b398253ec645095caed9dd146a9b97ae9261a02b9d7acd20f

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.69.0 (2023-09-25)
+------------------
+
+* Feature - You can now perform an exact match against the web request's JA3 fingerprint.
+
 1.68.0 (2023-09-06)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.68.0
+1.69.0

data/lib/aws-sdk-wafv2/client.rb

@@ -580,6 +580,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -641,6 +644,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -702,6 +708,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -762,6 +771,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
     #             size: 1, # required
@@ -907,6 +919,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -1226,6 +1241,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -1436,25 +1454,25 @@ module Aws::WAFV2
     #
     # @option params [required, Array<String>] :addresses
     #   Contains an array of strings that specifies zero or more IP addresses
-    #   or blocks of IP addresses. All addresses must be specified using
-    #   Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4
-    #   and IPv6 CIDR ranges except for `/0`.
+    #   or blocks of IP addresses that you want WAF to inspect for in incoming
+    #   requests. All addresses must be specified using Classless Inter-Domain
+    #   Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges
+    #   except for `/0`.
     #
     #   Example address strings:
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from the IP address 192.0.2.44, specify `192.0.2.44/32`.
+    #   * For requests that originated from the IP address 192.0.2.44, specify
+    #     `192.0.2.44/32`.
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
-    #     `192.0.2.0/24`.
+    #   * For requests that originated from IP addresses from 192.0.2.0 to
+    #     192.0.2.255, specify `192.0.2.0/24`.
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+    #   * For requests that originated from the IP address
+    #     1111:0000:0000:0000:0000:0000:0000:0111, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+    #   * For requests that originated from IP addresses
+    #     1111:0000:0000:0000:0000:0000:0000:0000 to
     #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
     #
@@ -1641,9 +1659,9 @@ module Aws::WAFV2
     #
     # @option params [Array<Types::Rule>] :rules
     #   The Rule statements used to identify the web requests that you want to
-    #   allow, block, or count. Each rule includes one top-level statement
-    #   that WAF uses to identify matching web requests, and parameters that
-    #   govern how WAF handles them.
+    #   manage. Each rule includes one top-level statement that WAF uses to
+    #   identify matching web requests, and parameters that govern how WAF
+    #   handles them.
     #
     # @option params [required, Types::VisibilityConfig] :visibility_config
     #   Defines and enables Amazon CloudWatch metrics and web request sample
@@ -1740,6 +1758,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -1801,6 +1822,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -1862,6 +1886,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -1922,6 +1949,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
     #             size: 1, # required
@@ -2067,6 +2097,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -2386,6 +2419,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -2524,16 +2560,17 @@ module Aws::WAFV2
     # Creates a WebACL per the specifications provided.
     #
     # A web ACL defines a collection of rules to use to inspect and control
-    # web requests. Each rule has an action defined (allow, block, or count)
-    # for requests that match the statement of the rule. In the web ACL, you
-    # assign a default action to take (allow, block) for any request that
-    # does not match any of the rules. The rules in a web ACL can be a
-    # combination of the types Rule, RuleGroup, and managed rule group. You
-    # can associate a web ACL with one or more Amazon Web Services resources
-    # to protect. The resources can be an Amazon CloudFront distribution, an
-    # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, an Amazon Cognito user pool, an App Runner service, or an
-    # Amazon Web Services Verified Access instance.
+    # web requests. Each rule has a statement that defines what to look for
+    # in web requests and an action that WAF applies to requests that match
+    # the statement. In the web ACL, you assign a default action to take
+    # (allow, block) for any request that does not match any of the rules.
+    # The rules in a web ACL can be a combination of the types Rule,
+    # RuleGroup, and managed rule group. You can associate a web ACL with
+    # one or more Amazon Web Services resources to protect. The resources
+    # can be an Amazon CloudFront distribution, an Amazon API Gateway REST
+    # API, an Application Load Balancer, an AppSync GraphQL API, an Amazon
+    # Cognito user pool, an App Runner service, or an Amazon Web Services
+    # Verified Access instance.
     #
     # @option params [required, String] :name
     #   The name of the web ACL. You cannot change the name of a web ACL after
@@ -2563,9 +2600,9 @@ module Aws::WAFV2
     #
     # @option params [Array<Types::Rule>] :rules
     #   The Rule statements used to identify the web requests that you want to
-    #   allow, block, or count. Each rule includes one top-level statement
-    #   that WAF uses to identify matching web requests, and parameters that
-    #   govern how WAF handles them.
+    #   manage. Each rule includes one top-level statement that WAF uses to
+    #   identify matching web requests, and parameters that govern how WAF
+    #   handles them.
     #
     # @option params [required, Types::VisibilityConfig] :visibility_config
     #   Defines and enables Amazon CloudWatch metrics and web request sample
@@ -2729,6 +2766,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -2790,6 +2830,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -2851,6 +2894,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -2911,6 +2957,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
     #             size: 1, # required
@@ -3056,6 +3105,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -3375,6 +3427,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -4337,6 +4392,7 @@ module Aws::WAFV2
     #   resp.logging_configuration.redacted_fields[0].cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.logging_configuration.redacted_fields[0].cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.logging_configuration.redacted_fields[0].header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.logging_configuration.redacted_fields[0].ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.logging_configuration.managed_by_firewall_manager #=> Boolean
     #   resp.logging_configuration.logging_filter.filters #=> Array
     #   resp.logging_configuration.logging_filter.filters[0].behavior #=> String, one of "KEEP", "DROP"
@@ -4736,6 +4792,7 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.byte_match_statement.field_to_match.cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.rule_group.rules[0].statement.byte_match_statement.field_to_match.cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.byte_match_statement.field_to_match.header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.rule_group.rules[0].statement.byte_match_statement.field_to_match.ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.byte_match_statement.text_transformations #=> Array
     #   resp.rule_group.rules[0].statement.byte_match_statement.text_transformations[0].priority #=> Integer
     #   resp.rule_group.rules[0].statement.byte_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE", "BASE64_DECODE", "HEX_DECODE", "MD5", "REPLACE_COMMENTS", "ESCAPE_SEQ_DECODE", "SQL_HEX_DECODE", "CSS_DECODE", "JS_DECODE", "NORMALIZE_PATH", "NORMALIZE_PATH_WIN", "REMOVE_NULLS", "REPLACE_NULLS", "BASE64_DECODE_EXT", "URL_DECODE_UNI", "UTF8_TO_UNICODE"
@@ -4761,6 +4818,7 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.sqli_match_statement.field_to_match.cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.rule_group.rules[0].statement.sqli_match_statement.field_to_match.cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.sqli_match_statement.field_to_match.header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.rule_group.rules[0].statement.sqli_match_statement.field_to_match.ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.sqli_match_statement.text_transformations #=> Array
     #   resp.rule_group.rules[0].statement.sqli_match_statement.text_transformations[0].priority #=> Integer
     #   resp.rule_group.rules[0].statement.sqli_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE", "BASE64_DECODE", "HEX_DECODE", "MD5", "REPLACE_COMMENTS", "ESCAPE_SEQ_DECODE", "SQL_HEX_DECODE", "CSS_DECODE", "JS_DECODE", "NORMALIZE_PATH", "NORMALIZE_PATH_WIN", "REMOVE_NULLS", "REPLACE_NULLS", "BASE64_DECODE_EXT", "URL_DECODE_UNI", "UTF8_TO_UNICODE"
@@ -4786,6 +4844,7 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.xss_match_statement.field_to_match.cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.rule_group.rules[0].statement.xss_match_statement.field_to_match.cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.xss_match_statement.field_to_match.header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.rule_group.rules[0].statement.xss_match_statement.field_to_match.ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.xss_match_statement.text_transformations #=> Array
     #   resp.rule_group.rules[0].statement.xss_match_statement.text_transformations[0].priority #=> Integer
     #   resp.rule_group.rules[0].statement.xss_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE", "BASE64_DECODE", "HEX_DECODE", "MD5", "REPLACE_COMMENTS", "ESCAPE_SEQ_DECODE", "SQL_HEX_DECODE", "CSS_DECODE", "JS_DECODE", "NORMALIZE_PATH", "NORMALIZE_PATH_WIN", "REMOVE_NULLS", "REPLACE_NULLS", "BASE64_DECODE_EXT", "URL_DECODE_UNI", "UTF8_TO_UNICODE"
@@ -4810,6 +4869,7 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.size_constraint_statement.field_to_match.cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.rule_group.rules[0].statement.size_constraint_statement.field_to_match.cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.size_constraint_statement.field_to_match.header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.rule_group.rules[0].statement.size_constraint_statement.field_to_match.ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.size_constraint_statement.comparison_operator #=> String, one of "EQ", "NE", "LE", "LT", "GE", "GT"
     #   resp.rule_group.rules[0].statement.size_constraint_statement.size #=> Integer
     #   resp.rule_group.rules[0].statement.size_constraint_statement.text_transformations #=> Array
@@ -4867,6 +4927,7 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.text_transformations #=> Array
     #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].priority #=> Integer
     #   resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE", "BASE64_DECODE", "HEX_DECODE", "MD5", "REPLACE_COMMENTS", "ESCAPE_SEQ_DECODE", "SQL_HEX_DECODE", "CSS_DECODE", "JS_DECODE", "NORMALIZE_PATH", "NORMALIZE_PATH_WIN", "REMOVE_NULLS", "REPLACE_NULLS", "BASE64_DECODE_EXT", "URL_DECODE_UNI", "UTF8_TO_UNICODE"
@@ -5008,6 +5069,7 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.regex_match_statement.field_to_match.cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.rule_group.rules[0].statement.regex_match_statement.field_to_match.cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.regex_match_statement.field_to_match.header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.rule_group.rules[0].statement.regex_match_statement.field_to_match.ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.rule_group.rules[0].statement.regex_match_statement.text_transformations #=> Array
     #   resp.rule_group.rules[0].statement.regex_match_statement.text_transformations[0].priority #=> Integer
     #   resp.rule_group.rules[0].statement.regex_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE", "BASE64_DECODE", "HEX_DECODE", "MD5", "REPLACE_COMMENTS", "ESCAPE_SEQ_DECODE", "SQL_HEX_DECODE", "CSS_DECODE", "JS_DECODE", "NORMALIZE_PATH", "NORMALIZE_PATH_WIN", "REMOVE_NULLS", "REPLACE_NULLS", "BASE64_DECODE_EXT", "URL_DECODE_UNI", "UTF8_TO_UNICODE"
@@ -5616,6 +5678,7 @@ module Aws::WAFV2
     #   resp.logging_configurations[0].redacted_fields[0].cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.logging_configurations[0].redacted_fields[0].cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.logging_configurations[0].redacted_fields[0].header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.logging_configurations[0].redacted_fields[0].ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.logging_configurations[0].managed_by_firewall_manager #=> Boolean
     #   resp.logging_configurations[0].logging_filter.filters #=> Array
     #   resp.logging_configurations[0].logging_filter.filters[0].behavior #=> String, one of "KEEP", "DROP"
@@ -6178,6 +6241,9 @@ module Aws::WAFV2
     #           header_order: {
     #             oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #           },
+    #           ja3_fingerprint: {
+    #             fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #           },
     #         },
     #       ],
     #       managed_by_firewall_manager: false,
@@ -6230,6 +6296,7 @@ module Aws::WAFV2
     #   resp.logging_configuration.redacted_fields[0].cookies.match_scope #=> String, one of "ALL", "KEY", "VALUE"
     #   resp.logging_configuration.redacted_fields[0].cookies.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
     #   resp.logging_configuration.redacted_fields[0].header_order.oversize_handling #=> String, one of "CONTINUE", "MATCH", "NO_MATCH"
+    #   resp.logging_configuration.redacted_fields[0].ja3_fingerprint.fallback_behavior #=> String, one of "MATCH", "NO_MATCH"
     #   resp.logging_configuration.managed_by_firewall_manager #=> Boolean
     #   resp.logging_configuration.logging_filter.filters #=> Array
     #   resp.logging_configuration.logging_filter.filters[0].behavior #=> String, one of "KEEP", "DROP"
@@ -6546,25 +6613,25 @@ module Aws::WAFV2
     #
     # @option params [required, Array<String>] :addresses
     #   Contains an array of strings that specifies zero or more IP addresses
-    #   or blocks of IP addresses. All addresses must be specified using
-    #   Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4
-    #   and IPv6 CIDR ranges except for `/0`.
+    #   or blocks of IP addresses that you want WAF to inspect for in incoming
+    #   requests. All addresses must be specified using Classless Inter-Domain
+    #   Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges
+    #   except for `/0`.
     #
     #   Example address strings:
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from the IP address 192.0.2.44, specify `192.0.2.44/32`.
+    #   * For requests that originated from the IP address 192.0.2.44, specify
+    #     `192.0.2.44/32`.
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
-    #     `192.0.2.0/24`.
+    #   * For requests that originated from IP addresses from 192.0.2.0 to
+    #     192.0.2.255, specify `192.0.2.0/24`.
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+    #   * For requests that originated from the IP address
+    #     1111:0000:0000:0000:0000:0000:0000:0111, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
     #
-    #   * To configure WAF to allow, block, or count requests that originated
-    #     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+    #   * For requests that originated from IP addresses
+    #     1111:0000:0000:0000:0000:0000:0000:0000 to
     #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
     #
@@ -6886,9 +6953,9 @@ module Aws::WAFV2
     #
     # @option params [Array<Types::Rule>] :rules
     #   The Rule statements used to identify the web requests that you want to
-    #   allow, block, or count. Each rule includes one top-level statement
-    #   that WAF uses to identify matching web requests, and parameters that
-    #   govern how WAF handles them.
+    #   manage. Each rule includes one top-level statement that WAF uses to
+    #   identify matching web requests, and parameters that govern how WAF
+    #   handles them.
     #
     # @option params [required, Types::VisibilityConfig] :visibility_config
     #   Defines and enables Amazon CloudWatch metrics and web request sample
@@ -6992,6 +7059,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -7053,6 +7123,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -7114,6 +7187,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -7174,6 +7250,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
     #             size: 1, # required
@@ -7319,6 +7398,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -7638,6 +7720,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -7797,16 +7882,17 @@ module Aws::WAFV2
     # Generally, any inconsistencies of this type last only a few seconds.
     #
     # A web ACL defines a collection of rules to use to inspect and control
-    # web requests. Each rule has an action defined (allow, block, or count)
-    # for requests that match the statement of the rule. In the web ACL, you
-    # assign a default action to take (allow, block) for any request that
-    # does not match any of the rules. The rules in a web ACL can be a
-    # combination of the types Rule, RuleGroup, and managed rule group. You
-    # can associate a web ACL with one or more Amazon Web Services resources
-    # to protect. The resources can be an Amazon CloudFront distribution, an
-    # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, an Amazon Cognito user pool, an App Runner service, or an
-    # Amazon Web Services Verified Access instance.
+    # web requests. Each rule has a statement that defines what to look for
+    # in web requests and an action that WAF applies to requests that match
+    # the statement. In the web ACL, you assign a default action to take
+    # (allow, block) for any request that does not match any of the rules.
+    # The rules in a web ACL can be a combination of the types Rule,
+    # RuleGroup, and managed rule group. You can associate a web ACL with
+    # one or more Amazon Web Services resources to protect. The resources
+    # can be an Amazon CloudFront distribution, an Amazon API Gateway REST
+    # API, an Application Load Balancer, an AppSync GraphQL API, an Amazon
+    # Cognito user pool, an App Runner service, or an Amazon Web Services
+    # Verified Access instance.
     #
     # @option params [required, String] :name
     #   The name of the web ACL. You cannot change the name of a web ACL after
@@ -7841,9 +7927,9 @@ module Aws::WAFV2
     #
     # @option params [Array<Types::Rule>] :rules
     #   The Rule statements used to identify the web requests that you want to
-    #   allow, block, or count. Each rule includes one top-level statement
-    #   that WAF uses to identify matching web requests, and parameters that
-    #   govern how WAF handles them.
+    #   manage. Each rule includes one top-level statement that WAF uses to
+    #   identify matching web requests, and parameters that govern how WAF
+    #   handles them.
     #
     # @option params [required, Types::VisibilityConfig] :visibility_config
     #   Defines and enables Amazon CloudWatch metrics and web request sample
@@ -8015,6 +8101,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -8076,6 +8165,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -8137,6 +8229,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -8197,6 +8292,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
     #             size: 1, # required
@@ -8342,6 +8440,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -8661,6 +8762,9 @@ module Aws::WAFV2
     #               header_order: {
     #                 oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
     #               },
+    #               ja3_fingerprint: {
+    #                 fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
+    #               },
     #             },
     #             text_transformations: [ # required
     #               {
@@ -8818,7 +8922,7 @@ module Aws::WAFV2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-wafv2'
-      context[:gem_version] = '1.68.0'
+      context[:gem_version] = '1.69.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-wafv2/client_api.rb

@@ -176,6 +176,7 @@ module Aws::WAFV2
     IPString = Shapes::StringShape.new(name: 'IPString')
     ImmunityTimeProperty = Shapes::StructureShape.new(name: 'ImmunityTimeProperty')
     InspectionLevel = Shapes::StringShape.new(name: 'InspectionLevel')
+    JA3Fingerprint = Shapes::StructureShape.new(name: 'JA3Fingerprint')
     JsonBody = Shapes::StructureShape.new(name: 'JsonBody')
     JsonMatchPattern = Shapes::StructureShape.new(name: 'JsonMatchPattern')
     JsonMatchScope = Shapes::StringShape.new(name: 'JsonMatchScope')
@@ -717,6 +718,7 @@ module Aws::WAFV2
     FieldToMatch.add_member(:headers, Shapes::ShapeRef.new(shape: Headers, location_name: "Headers"))
     FieldToMatch.add_member(:cookies, Shapes::ShapeRef.new(shape: Cookies, location_name: "Cookies"))
     FieldToMatch.add_member(:header_order, Shapes::ShapeRef.new(shape: HeaderOrder, location_name: "HeaderOrder"))
+    FieldToMatch.add_member(:ja3_fingerprint, Shapes::ShapeRef.new(shape: JA3Fingerprint, location_name: "JA3Fingerprint"))
     FieldToMatch.struct_class = Types::FieldToMatch
 
     Filter.add_member(:behavior, Shapes::ShapeRef.new(shape: FilterBehavior, required: true, location_name: "Behavior"))
@@ -917,6 +919,9 @@ module Aws::WAFV2
     ImmunityTimeProperty.add_member(:immunity_time, Shapes::ShapeRef.new(shape: TimeWindowSecond, required: true, location_name: "ImmunityTime"))
     ImmunityTimeProperty.struct_class = Types::ImmunityTimeProperty
 
+    JA3Fingerprint.add_member(:fallback_behavior, Shapes::ShapeRef.new(shape: FallbackBehavior, required: true, location_name: "FallbackBehavior"))
+    JA3Fingerprint.struct_class = Types::JA3Fingerprint
+
     JsonBody.add_member(:match_pattern, Shapes::ShapeRef.new(shape: JsonMatchPattern, required: true, location_name: "MatchPattern"))
     JsonBody.add_member(:match_scope, Shapes::ShapeRef.new(shape: JsonMatchScope, required: true, location_name: "MatchScope"))
     JsonBody.add_member(:invalid_fallback_behavior, Shapes::ShapeRef.new(shape: BodyParsingFallbackBehavior, location_name: "InvalidFallbackBehavior"))

data/lib/aws-sdk-wafv2/types.rb

@@ -60,8 +60,13 @@ module Aws::WAFV2
     #   is the page on your website that accepts the completed registration
     #   form for a new user. This page must accept `POST` requests.
     #
-    #   For example, for the URL `https://example.com/web/signup`, you would
-    #   provide the path `/web/signup`.
+    #   For example, for the URL `https://example.com/web/newaccount`, you
+    #   would provide the path `/web/newaccount`. Account creation page
+    #   paths that start with the path that you provide are considered a
+    #   match. For example `/web/newaccount` matches the account creation
+    #   paths `/web/newaccount`, `/web/newaccount/`, `/web/newaccountPage`,
+    #   and `/web/newaccount/thisPage`, but doesn't match the path
+    #   `/home/web/newaccount` or `/website/newaccount`.
     #   @return [String]
     #
     # @!attribute [rw] registration_page_path
@@ -73,8 +78,13 @@ module Aws::WAFV2
     #
     #    </note>
     #
-    #   For example, for the URL `https://example.com/web/register`, you
-    #   would provide the path `/web/register`.
+    #   For example, for the URL `https://example.com/web/registration`, you
+    #   would provide the path `/web/registration`. Registration page paths
+    #   that start with the path that you provide are considered a match.
+    #   For example `/web/registration` matches the registration paths
+    #   `/web/registration`, `/web/registration/`, `/web/registrationPage`,
+    #   and `/web/registration/thisPage`, but doesn't match the path
+    #   `/home/web/registration` or `/website/registration`.
     #   @return [String]
     #
     # @!attribute [rw] request_inspection
@@ -124,7 +134,11 @@ module Aws::WAFV2
     # @!attribute [rw] login_path
     #   The path of the login endpoint for your application. For example,
     #   for the URL `https://example.com/web/login`, you would provide the
-    #   path `/web/login`.
+    #   path `/web/login`. Login paths that start with the path that you
+    #   provide are considered a match. For example `/web/login` matches the
+    #   login paths `/web/login`, `/web/login/`, `/web/loginPage`, and
+    #   `/web/login/thisPage`, but doesn't match the login path
+    #   `/home/web/login` or `/website/login`.
     #
     #   The rule group inspects only HTTP `POST` requests to your specified
     #   login endpoint.
@@ -528,6 +542,10 @@ module Aws::WAFV2
     #   * `UriPath`: The value that you want WAF to search for in the URI
     #     path, for example, `/images/daily-ad.jpg`.
     #
+    #   * `JA3Fingerprint`: The string to match against the web request's
+    #     JA3 fingerprint header. The header contains a hash fingerprint of
+    #     the TLS Client Hello packet for the request.
+    #
     #   * `HeaderOrder`: The comma-separated list of header names to match
     #     for. WAF creates a string that contains the ordered list of header
     #     names, from the headers in the web request, and then matches
@@ -566,7 +584,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @!attribute [rw] positional_constraint
@@ -1085,27 +1103,24 @@ module Aws::WAFV2
     #
     # @!attribute [rw] addresses
     #   Contains an array of strings that specifies zero or more IP
-    #   addresses or blocks of IP addresses. All addresses must be specified
-    #   using Classless Inter-Domain Routing (CIDR) notation. WAF supports
-    #   all IPv4 and IPv6 CIDR ranges except for `/0`.
+    #   addresses or blocks of IP addresses that you want WAF to inspect for
+    #   in incoming requests. All addresses must be specified using
+    #   Classless Inter-Domain Routing (CIDR) notation. WAF supports all
+    #   IPv4 and IPv6 CIDR ranges except for `/0`.
     #
     #   Example address strings:
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from the IP address 192.0.2.44, specify
-    #     `192.0.2.44/32`.
+    #   * For requests that originated from the IP address 192.0.2.44,
+    #     specify `192.0.2.44/32`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from IP addresses from 192.0.2.0 to 192.0.2.255,
-    #     specify `192.0.2.0/24`.
+    #   * For requests that originated from IP addresses from 192.0.2.0 to
+    #     192.0.2.255, specify `192.0.2.0/24`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from the IP address
+    #   * For requests that originated from the IP address
     #     1111:0000:0000:0000:0000:0000:0000:0111, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from IP addresses
+    #   * For requests that originated from IP addresses
     #     1111:0000:0000:0000:0000:0000:0000:0000 to
     #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
@@ -1272,9 +1287,9 @@ module Aws::WAFV2
     #
     # @!attribute [rw] rules
     #   The Rule statements used to identify the web requests that you want
-    #   to allow, block, or count. Each rule includes one top-level
-    #   statement that WAF uses to identify matching web requests, and
-    #   parameters that govern how WAF handles them.
+    #   to manage. Each rule includes one top-level statement that WAF uses
+    #   to identify matching web requests, and parameters that govern how
+    #   WAF handles them.
     #   @return [Array<Types::Rule>]
     #
     # @!attribute [rw] visibility_config
@@ -1369,9 +1384,9 @@ module Aws::WAFV2
     #
     # @!attribute [rw] rules
     #   The Rule statements used to identify the web requests that you want
-    #   to allow, block, or count. Each rule includes one top-level
-    #   statement that WAF uses to identify matching web requests, and
-    #   parameters that govern how WAF handles them.
+    #   to manage. Each rule includes one top-level statement that WAF uses
+    #   to identify matching web requests, and parameters that govern how
+    #   WAF handles them.
     #   @return [Array<Types::Rule>]
     #
     # @!attribute [rw] visibility_config
@@ -1581,8 +1596,9 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] response_headers
-    #   The HTTP headers to use in the response. Duplicate header names are
-    #   not allowed.
+    #   The HTTP headers to use in the response. You can specify any header
+    #   name except for `content-type`. Duplicate header names are not
+    #   allowed.
     #
     #   For information about the limits on count and size for custom
     #   request and response settings, see [WAF quotas][1] in the *WAF
@@ -2380,6 +2396,18 @@ module Aws::WAFV2
     #   `host:user-agent:accept:authorization:referer`.
     #   @return [Types::HeaderOrder]
     #
+    # @!attribute [rw] ja3_fingerprint
+    #   Match against the request's JA3 fingerprint header. The header
+    #   contains a hash fingerprint of the TLS Client Hello packet for the
+    #   request.
+    #
+    #   <note markdown="1"> You can use this choice only with a string match
+    #   `ByteMatchStatement` with the `PositionalConstraint` set to
+    #   `EXACTLY`.
+    #
+    #    </note>
+    #   @return [Types::JA3Fingerprint]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FieldToMatch AWS API Documentation
     #
     class FieldToMatch < Struct.new(
@@ -2393,7 +2421,8 @@ module Aws::WAFV2
       :json_body,
       :headers,
       :cookies,
-      :header_order)
+      :header_order,
+      :ja3_fingerprint)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3573,27 +3602,24 @@ module Aws::WAFV2
     #
     # @!attribute [rw] addresses
     #   Contains an array of strings that specifies zero or more IP
-    #   addresses or blocks of IP addresses. All addresses must be specified
-    #   using Classless Inter-Domain Routing (CIDR) notation. WAF supports
-    #   all IPv4 and IPv6 CIDR ranges except for `/0`.
+    #   addresses or blocks of IP addresses that you want WAF to inspect for
+    #   in incoming requests. All addresses must be specified using
+    #   Classless Inter-Domain Routing (CIDR) notation. WAF supports all
+    #   IPv4 and IPv6 CIDR ranges except for `/0`.
     #
     #   Example address strings:
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from the IP address 192.0.2.44, specify
-    #     `192.0.2.44/32`.
+    #   * For requests that originated from the IP address 192.0.2.44,
+    #     specify `192.0.2.44/32`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from IP addresses from 192.0.2.0 to 192.0.2.255,
-    #     specify `192.0.2.0/24`.
+    #   * For requests that originated from IP addresses from 192.0.2.0 to
+    #     192.0.2.255, specify `192.0.2.0/24`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from the IP address
+    #   * For requests that originated from the IP address
     #     1111:0000:0000:0000:0000:0000:0000:0111, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from IP addresses
+    #   * For requests that originated from IP addresses
     #     1111:0000:0000:0000:0000:0000:0000:0000 to
     #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
@@ -3806,6 +3832,36 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Match against the request's JA3 fingerprint header. The header
+    # contains a hash fingerprint of the TLS Client Hello packet for the
+    # request.
+    #
+    # <note markdown="1"> You can use this choice only with a string match `ByteMatchStatement`
+    # with the `PositionalConstraint` set to `EXACTLY`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] fallback_behavior
+    #   The match status to assign to the web request if the request
+    #   doesn't have a JA3 fingerprint.
+    #
+    #   You can specify the following fallback behaviors:
+    #
+    #   * `MATCH` - Treat the web request as matching the rule statement.
+    #     WAF applies the rule action to the request.
+    #
+    #   * `NO_MATCH` - Treat the web request as not matching the rule
+    #     statement.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/JA3Fingerprint AWS API Documentation
+    #
+    class JA3Fingerprint < Struct.new(
+      :fallback_behavior)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Inspect the body of the web request as JSON. The body immediately
     # follows the request headers.
     #
@@ -5107,8 +5163,10 @@ module Aws::WAFV2
     # calling ListAvailableManagedRuleGroups.
     #
     # You cannot nest a `ManagedRuleGroupStatement`, for example for use
-    # inside a `NotStatement` or `OrStatement`. It can only be referenced as
-    # a top-level statement within a rule.
+    # inside a `NotStatement` or `OrStatement`. You cannot use a managed
+    # rule group inside another rule group. You can only reference a managed
+    # rule group as a top-level statement within a rule that you define in a
+    # web ACL.
     #
     # <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
     # managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
@@ -6253,7 +6311,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitCookie AWS API Documentation
@@ -6323,7 +6381,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitHeader AWS API Documentation
@@ -6400,7 +6458,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitQueryArgument AWS API Documentation
@@ -6426,7 +6484,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitQueryString AWS API Documentation
@@ -6451,7 +6509,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateLimitUriPath AWS API Documentation
@@ -6496,7 +6554,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
@@ -6580,7 +6638,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexPatternSetReferenceStatement AWS API Documentation
@@ -7171,9 +7229,9 @@ module Aws::WAFV2
     end
 
     # A single rule, which you can use in a WebACL or RuleGroup to identify
-    # web requests that you want to allow, block, or count. Each rule
-    # includes one top-level Statement that WAF uses to identify matching
-    # web requests, and parameters that govern how WAF handles them.
+    # web requests that you want to manage in some way. Each rule includes
+    # one top-level Statement that WAF uses to identify matching web
+    # requests, and parameters that govern how WAF handles them.
     #
     # @!attribute [rw] name
     #   The name of the rule.
@@ -7413,9 +7471,9 @@ module Aws::WAFV2
     #
     # @!attribute [rw] rules
     #   The Rule statements used to identify the web requests that you want
-    #   to allow, block, or count. Each rule includes one top-level
-    #   statement that WAF uses to identify matching web requests, and
-    #   parameters that govern how WAF handles them.
+    #   to manage. Each rule includes one top-level statement that WAF uses
+    #   to identify matching web requests, and parameters that govern how
+    #   WAF handles them.
     #   @return [Array<Types::Rule>]
     #
     # @!attribute [rw] visibility_config
@@ -7496,8 +7554,10 @@ module Aws::WAFV2
     # provide the ARN of the rule group in this statement.
     #
     # You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    # inside a `NotStatement` or `OrStatement`. You can only use a rule
-    # group reference statement at the top level inside a web ACL.
+    # inside a `NotStatement` or `OrStatement`. You cannot use a rule group
+    # reference statement inside another rule group. You can only reference
+    # a rule group as a top-level statement within a rule that you define in
+    # a web ACL.
     #
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) of the entity.
@@ -7779,7 +7839,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SizeConstraintStatement AWS API Documentation
@@ -7810,7 +7870,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @!attribute [rw] sensitivity_level
@@ -7937,8 +7997,10 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
-    #   group reference statement at the top level inside a web ACL.
+    #   inside a `NotStatement` or `OrStatement`. You cannot use a rule
+    #   group reference statement inside another rule group. You can only
+    #   reference a rule group as a top-level statement within a rule that
+    #   you define in a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @!attribute [rw] ip_set_reference_statement
@@ -8091,8 +8153,10 @@ module Aws::WAFV2
     #   calling ListAvailableManagedRuleGroups.
     #
     #   You cannot nest a `ManagedRuleGroupStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You cannot use a managed
+    #   rule group inside another rule group. You can only reference a
+    #   managed rule group as a top-level statement within a rule that you
+    #   define in a web ACL.
     #
     #   <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
     #   managed rule group `AWSManagedRulesBotControlRuleSet`, the WAF Fraud
@@ -8248,126 +8312,12 @@ module Aws::WAFV2
     #   @return [Integer]
     #
     # @!attribute [rw] type
-    #   You can specify the following transformation types:
-    #
-    #   **BASE64\_DECODE** - Decode a `Base64`-encoded string.
-    #
-    #   **BASE64\_DECODE\_EXT** - Decode a `Base64`-encoded string, but use
-    #   a forgiving implementation that ignores characters that aren't
-    #   valid.
-    #
-    #   **CMD\_LINE** - Command-line transformations. These are helpful in
-    #   reducing effectiveness of attackers who inject an operating system
-    #   command-line command and use unusual formatting to disguise some or
-    #   all of the command.
-    #
-    #   * Delete the following characters: `\ " ' ^`
-    #
-    #   * Delete spaces before the following characters: `/ (`
-    #
-    #   * Replace the following characters with a space: `, ;`
-    #
-    #   * Replace multiple spaces with one space
-    #
-    #   * Convert uppercase letters (A-Z) to lowercase (a-z)
-    #
-    #   **COMPRESS\_WHITE\_SPACE** - Replace these characters with a space
-    #   character (decimal 32):
-    #
-    #   * `\f`, formfeed, decimal 12
-    #
-    #   * `\t`, tab, decimal 9
-    #
-    #   * `\n`, newline, decimal 10
-    #
-    #   * `\r`, carriage return, decimal 13
-    #
-    #   * `\v`, vertical tab, decimal 11
-    #
-    #   * Non-breaking space, decimal 160
-    #
-    #   `COMPRESS_WHITE_SPACE` also replaces multiple spaces with one space.
-    #
-    #   **CSS\_DECODE** - Decode characters that were encoded using CSS 2.x
-    #   escape rules `syndata.html#characters`. This function uses up to two
-    #   bytes in the decoding process, so it can help to uncover ASCII
-    #   characters that were encoded using CSS encoding that wouldn’t
-    #   typically be encoded. It's also useful in countering evasion, which
-    #   is a combination of a backslash and non-hexadecimal characters. For
-    #   example, `ja\vascript` for javascript.
-    #
-    #   **ESCAPE\_SEQ\_DECODE** - Decode the following ANSI C escape
-    #   sequences: `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`,
-    #   `'`, `"`, `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that
-    #   aren't valid remain in the output.
-    #
-    #   **HEX\_DECODE** - Decode a string of hexadecimal characters into a
-    #   binary.
-    #
-    #   **HTML\_ENTITY\_DECODE** - Replace HTML-encoded characters with
-    #   unencoded characters. `HTML_ENTITY_DECODE` performs these
-    #   operations:
-    #
-    #   * Replaces `(ampersand)quot;` with `"`
-    #
-    #   * Replaces `(ampersand)nbsp;` with a non-breaking space, decimal 160
-    #
-    #   * Replaces `(ampersand)lt;` with a "less than" symbol
-    #
-    #   * Replaces `(ampersand)gt;` with `>`
-    #
-    #   * Replaces characters that are represented in hexadecimal format,
-    #     `(ampersand)#xhhhh;`, with the corresponding characters
-    #
-    #   * Replaces characters that are represented in decimal format,
-    #     `(ampersand)#nnnn;`, with the corresponding characters
-    #
-    #   **JS\_DECODE** - Decode JavaScript escape sequences. If a `` `u`
-    #   `HHHH` code is in the full-width ASCII code range of `FF01-FF5E`,
-    #   then the higher byte is used to detect and adjust the lower byte. If
-    #   not, only the lower byte is used and the higher byte is zeroed,
-    #   causing a possible loss of information.
-    #
-    #   **LOWERCASE** - Convert uppercase letters (A-Z) to lowercase (a-z).
-    #
-    #   **MD5** - Calculate an MD5 hash from the data in the input. The
-    #   computed hash is in a raw binary form.
-    #
-    #   **NONE** - Specify `NONE` if you don't want any text
-    #   transformations.
-    #
-    #   **NORMALIZE\_PATH** - Remove multiple slashes, directory
-    #   self-references, and directory back-references that are not at the
-    #   beginning of the input from an input string.
-    #
-    #   **NORMALIZE\_PATH\_WIN** - This is the same as `NORMALIZE_PATH`, but
-    #   first converts backslash characters to forward slashes.
-    #
-    #   **REMOVE\_NULLS** - Remove all `NULL` bytes from the input.
-    #
-    #   **REPLACE\_COMMENTS** - Replace each occurrence of a C-style comment
-    #   (`/* ... */`) with a single space. Multiple consecutive occurrences
-    #   are not compressed. Unterminated comments are also replaced with a
-    #   space (ASCII 0x20). However, a standalone termination of a comment
-    #   (`*/`) is not acted upon.
-    #
-    #   **REPLACE\_NULLS** - Replace NULL bytes in the input with space
-    #   characters (ASCII `0x20`).
-    #
-    #   **SQL\_HEX\_DECODE** - Decode SQL hex data. Example (`0x414243`)
-    #   will be decoded to (`ABC`).
+    #   For detailed descriptions of each of the transformation types, see
+    #   [Text transformations][1] in the *WAF Developer Guide*.
     #
-    #   **URL\_DECODE** - Decode a URL-encoded value.
     #
-    #   **URL\_DECODE\_UNI** - Like `URL_DECODE`, but with support for
-    #   Microsoft-specific `%u` encoding. If the code is in the full-width
-    #   ASCII code range of `FF01-FF5E`, the higher byte is used to detect
-    #   and adjust the lower byte. Otherwise, only the lower byte is used
-    #   and the higher byte is zeroed.
     #
-    #   **UTF8\_TO\_UNICODE** - Convert all UTF-8 character sequences to
-    #   Unicode. This helps input normalization, and minimizing
-    #   false-positives and false-negatives for non-English languages.
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TextTransformation AWS API Documentation
@@ -8479,27 +8429,24 @@ module Aws::WAFV2
     #
     # @!attribute [rw] addresses
     #   Contains an array of strings that specifies zero or more IP
-    #   addresses or blocks of IP addresses. All addresses must be specified
-    #   using Classless Inter-Domain Routing (CIDR) notation. WAF supports
-    #   all IPv4 and IPv6 CIDR ranges except for `/0`.
+    #   addresses or blocks of IP addresses that you want WAF to inspect for
+    #   in incoming requests. All addresses must be specified using
+    #   Classless Inter-Domain Routing (CIDR) notation. WAF supports all
+    #   IPv4 and IPv6 CIDR ranges except for `/0`.
     #
     #   Example address strings:
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from the IP address 192.0.2.44, specify
-    #     `192.0.2.44/32`.
+    #   * For requests that originated from the IP address 192.0.2.44,
+    #     specify `192.0.2.44/32`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from IP addresses from 192.0.2.0 to 192.0.2.255,
-    #     specify `192.0.2.0/24`.
+    #   * For requests that originated from IP addresses from 192.0.2.0 to
+    #     192.0.2.255, specify `192.0.2.0/24`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from the IP address
+    #   * For requests that originated from the IP address
     #     1111:0000:0000:0000:0000:0000:0000:0111, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
     #
-    #   * To configure WAF to allow, block, or count requests that
-    #     originated from IP addresses
+    #   * For requests that originated from IP addresses
     #     1111:0000:0000:0000:0000:0000:0000:0000 to
     #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
     #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
@@ -8770,9 +8717,9 @@ module Aws::WAFV2
     #
     # @!attribute [rw] rules
     #   The Rule statements used to identify the web requests that you want
-    #   to allow, block, or count. Each rule includes one top-level
-    #   statement that WAF uses to identify matching web requests, and
-    #   parameters that govern how WAF handles them.
+    #   to manage. Each rule includes one top-level statement that WAF uses
+    #   to identify matching web requests, and parameters that govern how
+    #   WAF handles them.
     #   @return [Array<Types::Rule>]
     #
     # @!attribute [rw] visibility_config
@@ -8879,9 +8826,9 @@ module Aws::WAFV2
     #
     # @!attribute [rw] rules
     #   The Rule statements used to identify the web requests that you want
-    #   to allow, block, or count. Each rule includes one top-level
-    #   statement that WAF uses to identify matching web requests, and
-    #   parameters that govern how WAF handles them.
+    #   to manage. Each rule includes one top-level statement that WAF uses
+    #   to identify matching web requests, and parameters that govern how
+    #   WAF handles them.
     #   @return [Array<Types::Rule>]
     #
     # @!attribute [rw] visibility_config
@@ -9487,16 +9434,17 @@ module Aws::WAFV2
     end
 
     # A web ACL defines a collection of rules to use to inspect and control
-    # web requests. Each rule has an action defined (allow, block, or count)
-    # for requests that match the statement of the rule. In the web ACL, you
-    # assign a default action to take (allow, block) for any request that
-    # does not match any of the rules. The rules in a web ACL can be a
-    # combination of the types Rule, RuleGroup, and managed rule group. You
-    # can associate a web ACL with one or more Amazon Web Services resources
-    # to protect. The resources can be an Amazon CloudFront distribution, an
-    # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, an Amazon Cognito user pool, an App Runner service, or an
-    # Amazon Web Services Verified Access instance.
+    # web requests. Each rule has a statement that defines what to look for
+    # in web requests and an action that WAF applies to requests that match
+    # the statement. In the web ACL, you assign a default action to take
+    # (allow, block) for any request that does not match any of the rules.
+    # The rules in a web ACL can be a combination of the types Rule,
+    # RuleGroup, and managed rule group. You can associate a web ACL with
+    # one or more Amazon Web Services resources to protect. The resources
+    # can be an Amazon CloudFront distribution, an Amazon API Gateway REST
+    # API, an Application Load Balancer, an AppSync GraphQL API, an Amazon
+    # Cognito user pool, an App Runner service, or an Amazon Web Services
+    # Verified Access instance.
     #
     # @!attribute [rw] name
     #   The name of the web ACL. You cannot change the name of a web ACL
@@ -9525,9 +9473,9 @@ module Aws::WAFV2
     #
     # @!attribute [rw] rules
     #   The Rule statements used to identify the web requests that you want
-    #   to allow, block, or count. Each rule includes one top-level
-    #   statement that WAF uses to identify matching web requests, and
-    #   parameters that govern how WAF handles them.
+    #   to manage. Each rule includes one top-level statement that WAF uses
+    #   to identify matching web requests, and parameters that govern how
+    #   WAF handles them.
     #   @return [Array<Types::Rule>]
     #
     # @!attribute [rw] visibility_config
@@ -9755,7 +9703,7 @@ module Aws::WAFV2
     #   before using them as custom aggregation keys. If you specify one or
     #   more transformations to apply, WAF performs all transformations on
     #   the specified content, starting from the lowest priority setting,
-    #   and then uses the component contents.
+    #   and then uses the transformed component contents.
     #   @return [Array<Types::TextTransformation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/XssMatchStatement AWS API Documentation

data/lib/aws-sdk-wafv2.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-wafv2/customizations'
 # @!group service
 module Aws::WAFV2
 
-  GEM_VERSION = '1.68.0'
+  GEM_VERSION = '1.69.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-wafv2
 version: !ruby/object:Gem::Version
-  version: 1.68.0
+  version: 1.69.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-06 00:00:00.000000000 Z
+date: 2023-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core