@aws-sdk/client-wafv2 3.821.0 → 3.825.0

package/dist-cjs/index.js

@@ -310,6 +310,10 @@ var ActionValue = {
   COUNT: "COUNT",
   EXCLUDED_AS_COUNT: "EXCLUDED_AS_COUNT"
 };
+var FallbackBehavior = {
+  MATCH: "MATCH",
+  NO_MATCH: "NO_MATCH"
+};
 var OversizeHandling = {
   CONTINUE: "CONTINUE",
   MATCH: "MATCH",
@@ -320,10 +324,6 @@ var MapMatchScope = {
   KEY: "KEY",
   VALUE: "VALUE"
 };
-var FallbackBehavior = {
-  MATCH: "MATCH",
-  NO_MATCH: "NO_MATCH"
-};
 var BodyParsingFallbackBehavior = {
   EVALUATE_AS_STRING: "EVALUATE_AS_STRING",
   MATCH: "MATCH",
@@ -2576,6 +2576,7 @@ var se_Rules = /* @__PURE__ */ __name((input, context) => {
 var se_Statement = /* @__PURE__ */ __name((input, context) => {
   return (0, import_smithy_client.take)(input, {
     AndStatement: /* @__PURE__ */ __name((_) => se_AndStatement(_, context), "AndStatement"),
+    AsnMatchStatement: import_smithy_client._json,
     ByteMatchStatement: /* @__PURE__ */ __name((_) => se_ByteMatchStatement(_, context), "ByteMatchStatement"),
     GeoMatchStatement: import_smithy_client._json,
     IPSetReferenceStatement: import_smithy_client._json,
@@ -2904,6 +2905,7 @@ var de_SampledHTTPRequests = /* @__PURE__ */ __name((output, context) => {
 var de_Statement = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     AndStatement: /* @__PURE__ */ __name((_) => de_AndStatement(_, context), "AndStatement"),
+    AsnMatchStatement: import_smithy_client._json,
     ByteMatchStatement: /* @__PURE__ */ __name((_) => de_ByteMatchStatement(_, context), "ByteMatchStatement"),
     GeoMatchStatement: import_smithy_client._json,
     IPSetReferenceStatement: import_smithy_client._json,
@@ -3928,9 +3930,9 @@ var WAFV2 = class extends WAFV2Client {
   UpdateRuleGroupCommand,
   UpdateWebACLCommand,
   ActionValue,
+  FallbackBehavior,
   OversizeHandling,
   MapMatchScope,
-  FallbackBehavior,
   BodyParsingFallbackBehavior,
   JsonMatchScope,
   PositionalConstraint,

package/dist-es/models/models_0.js

@@ -7,6 +7,10 @@ export const ActionValue = {
     COUNT: "COUNT",
     EXCLUDED_AS_COUNT: "EXCLUDED_AS_COUNT",
 };
+export const FallbackBehavior = {
+    MATCH: "MATCH",
+    NO_MATCH: "NO_MATCH",
+};
 export const OversizeHandling = {
     CONTINUE: "CONTINUE",
     MATCH: "MATCH",
@@ -17,10 +21,6 @@ export const MapMatchScope = {
     KEY: "KEY",
     VALUE: "VALUE",
 };
-export const FallbackBehavior = {
-    MATCH: "MATCH",
-    NO_MATCH: "NO_MATCH",
-};
 export const BodyParsingFallbackBehavior = {
     EVALUATE_AS_STRING: "EVALUATE_AS_STRING",
     MATCH: "MATCH",

package/dist-es/protocols/Aws_json1_1.js

@@ -1384,6 +1384,7 @@ const se_Rules = (input, context) => {
 const se_Statement = (input, context) => {
     return take(input, {
         AndStatement: (_) => se_AndStatement(_, context),
+        AsnMatchStatement: _json,
         ByteMatchStatement: (_) => se_ByteMatchStatement(_, context),
         GeoMatchStatement: _json,
         IPSetReferenceStatement: _json,
@@ -1726,6 +1727,7 @@ const de_SampledHTTPRequests = (output, context) => {
 const de_Statement = (output, context) => {
     return take(output, {
         AndStatement: (_) => de_AndStatement(_, context),
+        AsnMatchStatement: _json,
         ByteMatchStatement: (_) => de_ByteMatchStatement(_, context),
         GeoMatchStatement: _json,
         IPSetReferenceStatement: _json,

package/dist-types/commands/CheckCapacityCommand.d.ts

@@ -607,6 +607,7 @@ declare const CheckCapacityCommand_base: {
  *                   JA4Fingerprint: { // RateLimitJA4Fingerprint
  *                     FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *                   },
+ *                   ASN: {},
  *                 },
  *               ],
  *             },
@@ -797,6 +798,15 @@ declare const CheckCapacityCommand_base: {
  *               FieldToMatch: "<FieldToMatch>", // required
  *               TextTransformations: "<TextTransformations>", // required
  *             },
+ *             AsnMatchStatement: { // AsnMatchStatement
+ *               AsnList: [ // AsnList // required
+ *                 Number("long"),
+ *               ],
+ *               ForwardedIPConfig: {
+ *                 HeaderName: "STRING_VALUE", // required
+ *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ *               },
+ *             },
  *           },
  *           ForwardedIPConfig: {
  *             HeaderName: "STRING_VALUE", // required
@@ -834,6 +844,7 @@ declare const CheckCapacityCommand_base: {
  *               JA4Fingerprint: {
  *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *               },
+ *               ASN: {},
  *             },
  *           ],
  *         },
@@ -1012,6 +1023,12 @@ declare const CheckCapacityCommand_base: {
  *           FieldToMatch: "<FieldToMatch>", // required
  *           TextTransformations: "<TextTransformations>", // required
  *         },
+ *         AsnMatchStatement: {
+ *           AsnList: [ // required
+ *             Number("long"),
+ *           ],
+ *           ForwardedIPConfig: "<ForwardedIPConfig>",
+ *         },
  *       },
  *       Action: "<RuleAction>",
  *       OverrideAction: { // OverrideAction

package/dist-types/commands/CreateRuleGroupCommand.d.ts

@@ -600,6 +600,7 @@ declare const CreateRuleGroupCommand_base: {
  *                   JA4Fingerprint: { // RateLimitJA4Fingerprint
  *                     FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *                   },
+ *                   ASN: {},
  *                 },
  *               ],
  *             },
@@ -790,6 +791,15 @@ declare const CreateRuleGroupCommand_base: {
  *               FieldToMatch: "<FieldToMatch>", // required
  *               TextTransformations: "<TextTransformations>", // required
  *             },
+ *             AsnMatchStatement: { // AsnMatchStatement
+ *               AsnList: [ // AsnList // required
+ *                 Number("long"),
+ *               ],
+ *               ForwardedIPConfig: {
+ *                 HeaderName: "STRING_VALUE", // required
+ *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ *               },
+ *             },
  *           },
  *           ForwardedIPConfig: {
  *             HeaderName: "STRING_VALUE", // required
@@ -827,6 +837,7 @@ declare const CreateRuleGroupCommand_base: {
  *               JA4Fingerprint: {
  *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *               },
+ *               ASN: {},
  *             },
  *           ],
  *         },
@@ -1005,6 +1016,12 @@ declare const CreateRuleGroupCommand_base: {
  *           FieldToMatch: "<FieldToMatch>", // required
  *           TextTransformations: "<TextTransformations>", // required
  *         },
+ *         AsnMatchStatement: {
+ *           AsnList: [ // required
+ *             Number("long"),
+ *           ],
+ *           ForwardedIPConfig: "<ForwardedIPConfig>",
+ *         },
  *       },
  *       Action: "<RuleAction>",
  *       OverrideAction: { // OverrideAction

package/dist-types/commands/CreateWebACLCommand.d.ts

@@ -603,6 +603,7 @@ declare const CreateWebACLCommand_base: {
  *                   JA4Fingerprint: { // RateLimitJA4Fingerprint
  *                     FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *                   },
+ *                   ASN: {},
  *                 },
  *               ],
  *             },
@@ -785,6 +786,15 @@ declare const CreateWebACLCommand_base: {
  *               FieldToMatch: "<FieldToMatch>", // required
  *               TextTransformations: "<TextTransformations>", // required
  *             },
+ *             AsnMatchStatement: { // AsnMatchStatement
+ *               AsnList: [ // AsnList // required
+ *                 Number("long"),
+ *               ],
+ *               ForwardedIPConfig: {
+ *                 HeaderName: "STRING_VALUE", // required
+ *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ *               },
+ *             },
  *           },
  *           ForwardedIPConfig: {
  *             HeaderName: "STRING_VALUE", // required
@@ -822,6 +832,7 @@ declare const CreateWebACLCommand_base: {
  *               JA4Fingerprint: {
  *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *               },
+ *               ASN: {},
  *             },
  *           ],
  *         },
@@ -992,6 +1003,12 @@ declare const CreateWebACLCommand_base: {
  *           FieldToMatch: "<FieldToMatch>", // required
  *           TextTransformations: "<TextTransformations>", // required
  *         },
+ *         AsnMatchStatement: {
+ *           AsnList: [ // required
+ *             Number("long"),
+ *           ],
+ *           ForwardedIPConfig: "<ForwardedIPConfig>",
+ *         },
  *       },
  *       Action: "<RuleAction>",
  *       OverrideAction: { // OverrideAction

package/dist-types/commands/GetRuleGroupCommand.d.ts

@@ -609,6 +609,7 @@ declare const GetRuleGroupCommand_base: {
  * //                     JA4Fingerprint: { // RateLimitJA4Fingerprint
  * //                       FallbackBehavior: "MATCH" || "NO_MATCH", // required
  * //                     },
+ * //                     ASN: {},
  * //                   },
  * //                 ],
  * //               },
@@ -799,6 +800,15 @@ declare const GetRuleGroupCommand_base: {
  * //                 FieldToMatch: "<FieldToMatch>", // required
  * //                 TextTransformations: "<TextTransformations>", // required
  * //               },
+ * //               AsnMatchStatement: { // AsnMatchStatement
+ * //                 AsnList: [ // AsnList // required
+ * //                   Number("long"),
+ * //                 ],
+ * //                 ForwardedIPConfig: {
+ * //                   HeaderName: "STRING_VALUE", // required
+ * //                   FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ * //                 },
+ * //               },
  * //             },
  * //             ForwardedIPConfig: {
  * //               HeaderName: "STRING_VALUE", // required
@@ -836,6 +846,7 @@ declare const GetRuleGroupCommand_base: {
  * //                 JA4Fingerprint: {
  * //                   FallbackBehavior: "MATCH" || "NO_MATCH", // required
  * //                 },
+ * //                 ASN: {},
  * //               },
  * //             ],
  * //           },
@@ -1014,6 +1025,12 @@ declare const GetRuleGroupCommand_base: {
  * //             FieldToMatch: "<FieldToMatch>", // required
  * //             TextTransformations: "<TextTransformations>", // required
  * //           },
+ * //           AsnMatchStatement: {
+ * //             AsnList: [ // required
+ * //               Number("long"),
+ * //             ],
+ * //             ForwardedIPConfig: "<ForwardedIPConfig>",
+ * //           },
  * //         },
  * //         Action: "<RuleAction>",
  * //         OverrideAction: { // OverrideAction

package/dist-types/commands/GetWebACLCommand.d.ts

@@ -612,6 +612,7 @@ declare const GetWebACLCommand_base: {
  * //                     JA4Fingerprint: { // RateLimitJA4Fingerprint
  * //                       FallbackBehavior: "MATCH" || "NO_MATCH", // required
  * //                     },
+ * //                     ASN: {},
  * //                   },
  * //                 ],
  * //               },
@@ -794,6 +795,15 @@ declare const GetWebACLCommand_base: {
  * //                 FieldToMatch: "<FieldToMatch>", // required
  * //                 TextTransformations: "<TextTransformations>", // required
  * //               },
+ * //               AsnMatchStatement: { // AsnMatchStatement
+ * //                 AsnList: [ // AsnList // required
+ * //                   Number("long"),
+ * //                 ],
+ * //                 ForwardedIPConfig: {
+ * //                   HeaderName: "STRING_VALUE", // required
+ * //                   FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ * //                 },
+ * //               },
  * //             },
  * //             ForwardedIPConfig: {
  * //               HeaderName: "STRING_VALUE", // required
@@ -831,6 +841,7 @@ declare const GetWebACLCommand_base: {
  * //                 JA4Fingerprint: {
  * //                   FallbackBehavior: "MATCH" || "NO_MATCH", // required
  * //                 },
+ * //                 ASN: {},
  * //               },
  * //             ],
  * //           },
@@ -1001,6 +1012,12 @@ declare const GetWebACLCommand_base: {
  * //             FieldToMatch: "<FieldToMatch>", // required
  * //             TextTransformations: "<TextTransformations>", // required
  * //           },
+ * //           AsnMatchStatement: {
+ * //             AsnList: [ // required
+ * //               Number("long"),
+ * //             ],
+ * //             ForwardedIPConfig: "<ForwardedIPConfig>",
+ * //           },
  * //         },
  * //         Action: "<RuleAction>",
  * //         OverrideAction: { // OverrideAction

package/dist-types/commands/GetWebACLForResourceCommand.d.ts

@@ -619,6 +619,7 @@ declare const GetWebACLForResourceCommand_base: {
  * //                     JA4Fingerprint: { // RateLimitJA4Fingerprint
  * //                       FallbackBehavior: "MATCH" || "NO_MATCH", // required
  * //                     },
+ * //                     ASN: {},
  * //                   },
  * //                 ],
  * //               },
@@ -801,6 +802,15 @@ declare const GetWebACLForResourceCommand_base: {
  * //                 FieldToMatch: "<FieldToMatch>", // required
  * //                 TextTransformations: "<TextTransformations>", // required
  * //               },
+ * //               AsnMatchStatement: { // AsnMatchStatement
+ * //                 AsnList: [ // AsnList // required
+ * //                   Number("long"),
+ * //                 ],
+ * //                 ForwardedIPConfig: {
+ * //                   HeaderName: "STRING_VALUE", // required
+ * //                   FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ * //                 },
+ * //               },
  * //             },
  * //             ForwardedIPConfig: {
  * //               HeaderName: "STRING_VALUE", // required
@@ -838,6 +848,7 @@ declare const GetWebACLForResourceCommand_base: {
  * //                 JA4Fingerprint: {
  * //                   FallbackBehavior: "MATCH" || "NO_MATCH", // required
  * //                 },
+ * //                 ASN: {},
  * //               },
  * //             ],
  * //           },
@@ -1008,6 +1019,12 @@ declare const GetWebACLForResourceCommand_base: {
  * //             FieldToMatch: "<FieldToMatch>", // required
  * //             TextTransformations: "<TextTransformations>", // required
  * //           },
+ * //           AsnMatchStatement: {
+ * //             AsnList: [ // required
+ * //               Number("long"),
+ * //             ],
+ * //             ForwardedIPConfig: "<ForwardedIPConfig>",
+ * //           },
  * //         },
  * //         Action: "<RuleAction>",
  * //         OverrideAction: { // OverrideAction

package/dist-types/commands/UpdateRuleGroupCommand.d.ts

@@ -635,6 +635,7 @@ declare const UpdateRuleGroupCommand_base: {
  *                   JA4Fingerprint: { // RateLimitJA4Fingerprint
  *                     FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *                   },
+ *                   ASN: {},
  *                 },
  *               ],
  *             },
@@ -825,6 +826,15 @@ declare const UpdateRuleGroupCommand_base: {
  *               FieldToMatch: "<FieldToMatch>", // required
  *               TextTransformations: "<TextTransformations>", // required
  *             },
+ *             AsnMatchStatement: { // AsnMatchStatement
+ *               AsnList: [ // AsnList // required
+ *                 Number("long"),
+ *               ],
+ *               ForwardedIPConfig: {
+ *                 HeaderName: "STRING_VALUE", // required
+ *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ *               },
+ *             },
  *           },
  *           ForwardedIPConfig: {
  *             HeaderName: "STRING_VALUE", // required
@@ -862,6 +872,7 @@ declare const UpdateRuleGroupCommand_base: {
  *               JA4Fingerprint: {
  *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *               },
+ *               ASN: {},
  *             },
  *           ],
  *         },
@@ -1040,6 +1051,12 @@ declare const UpdateRuleGroupCommand_base: {
  *           FieldToMatch: "<FieldToMatch>", // required
  *           TextTransformations: "<TextTransformations>", // required
  *         },
+ *         AsnMatchStatement: {
+ *           AsnList: [ // required
+ *             Number("long"),
+ *           ],
+ *           ForwardedIPConfig: "<ForwardedIPConfig>",
+ *         },
  *       },
  *       Action: "<RuleAction>",
  *       OverrideAction: { // OverrideAction

package/dist-types/commands/UpdateWebACLCommand.d.ts

@@ -640,6 +640,7 @@ declare const UpdateWebACLCommand_base: {
  *                   JA4Fingerprint: { // RateLimitJA4Fingerprint
  *                     FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *                   },
+ *                   ASN: {},
  *                 },
  *               ],
  *             },
@@ -822,6 +823,15 @@ declare const UpdateWebACLCommand_base: {
  *               FieldToMatch: "<FieldToMatch>", // required
  *               TextTransformations: "<TextTransformations>", // required
  *             },
+ *             AsnMatchStatement: { // AsnMatchStatement
+ *               AsnList: [ // AsnList // required
+ *                 Number("long"),
+ *               ],
+ *               ForwardedIPConfig: {
+ *                 HeaderName: "STRING_VALUE", // required
+ *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
+ *               },
+ *             },
  *           },
  *           ForwardedIPConfig: {
  *             HeaderName: "STRING_VALUE", // required
@@ -859,6 +869,7 @@ declare const UpdateWebACLCommand_base: {
  *               JA4Fingerprint: {
  *                 FallbackBehavior: "MATCH" || "NO_MATCH", // required
  *               },
+ *               ASN: {},
  *             },
  *           ],
  *         },
@@ -1029,6 +1040,12 @@ declare const UpdateWebACLCommand_base: {
  *           FieldToMatch: "<FieldToMatch>", // required
  *           TextTransformations: "<TextTransformations>", // required
  *         },
+ *         AsnMatchStatement: {
+ *           AsnList: [ // required
+ *             Number("long"),
+ *           ],
+ *           ForwardedIPConfig: "<ForwardedIPConfig>",
+ *         },
  *       },
  *       Action: "<RuleAction>",
  *       OverrideAction: { // OverrideAction

package/dist-types/models/models_0.d.ts

@@ -132,6 +132,79 @@ export interface AllowAction {
  */
 export interface AllQueryArguments {
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const FallbackBehavior: {
+    readonly MATCH: "MATCH";
+    readonly NO_MATCH: "NO_MATCH";
+};
+/**
+ * @public
+ */
+export type FallbackBehavior = (typeof FallbackBehavior)[keyof typeof FallbackBehavior];
+/**
+ * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
+ *          <note>
+ *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
+ *          </note>
+ *          <p>This configuration is used for <a>GeoMatchStatement</a>, <a>AsnMatchStatement</a>, and
+ *          <a>RateBasedStatement</a>. For <a>IPSetReferenceStatement</a>, use <a>IPSetForwardedIPConfig</a> instead. </p>
+ *          <p>WAF only evaluates the first IP address found in the specified HTTP header.
+ *       </p>
+ * @public
+ */
+export interface ForwardedIPConfig {
+    /**
+     * <p>The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to <code>X-Forwarded-For</code>.</p>
+     *          <note>
+     *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
+     *          </note>
+     * @public
+     */
+    HeaderName: string | undefined;
+    /**
+     * <p>The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.</p>
+     *          <note>
+     *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
+     *          </note>
+     *          <p>You can specify the following fallback behaviors:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>MATCH</code> - Treat the web request as matching the rule statement. WAF applies the rule action to the request.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>NO_MATCH</code> - Treat the web request as not matching the rule statement.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    FallbackBehavior: FallbackBehavior | undefined;
+}
+/**
+ * <p>A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.</p>
+ *          <p>For additional details, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html">ASN match rule statement</a> in the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+ * @public
+ */
+export interface AsnMatchStatement {
+    /**
+     * <p>Contains one or more Autonomous System Numbers (ASNs).
+     *          ASNs are unique identifiers assigned to large internet networks managed by organizations such as
+     *          internet service providers, enterprises, universities, or government agencies. </p>
+     * @public
+     */
+    AsnList: number[] | undefined;
+    /**
+     * <p>The configuration for inspecting IP addresses to match against an ASN in an HTTP header that you specify,
+     *          instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header,
+     *          but you can specify any header name. </p>
+     * @public
+     */
+    ForwardedIPConfig?: ForwardedIPConfig | undefined;
+}
 /**
  * @public
  * @enum
@@ -298,7 +371,7 @@ export interface Cookies {
  */
 export interface HeaderOrder {
     /**
-     * <p>What WAF should do if the headers of the request are more numerous or larger than WAF can inspect.
+     * <p>What WAF should do if the headers determined by your match scope are more numerous or larger than WAF can inspect.
      *     WAF does not support inspecting the entire contents of request headers
      *       when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers
      *       and at most 8 KB of header contents to WAF. </p>
@@ -383,7 +456,7 @@ export interface Headers {
      */
     MatchScope: MapMatchScope | undefined;
     /**
-     * <p>What WAF should do if the headers of the request are more numerous or larger than WAF can inspect.
+     * <p>What WAF should do if the headers determined by your match scope are more numerous or larger than WAF can inspect.
      *     WAF does not support inspecting the entire contents of request headers
      *       when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers
      *       and at most 8 KB of header contents to WAF. </p>
@@ -408,18 +481,6 @@ export interface Headers {
      */
     OversizeHandling: OversizeHandling | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const FallbackBehavior: {
-    readonly MATCH: "MATCH";
-    readonly NO_MATCH: "NO_MATCH";
-};
-/**
- * @public
- */
-export type FallbackBehavior = (typeof FallbackBehavior)[keyof typeof FallbackBehavior];
 /**
  * <p>Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each
  * 						request that has enough TLS Client Hello information for the calculation. Almost
@@ -1417,45 +1478,6 @@ export declare const CountryCode: {
  * @public
  */
 export type CountryCode = (typeof CountryCode)[keyof typeof CountryCode];
-/**
- * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
- *          <note>
- *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
- *          </note>
- *          <p>This configuration is used for <a>GeoMatchStatement</a> and <a>RateBasedStatement</a>. For <a>IPSetReferenceStatement</a>, use <a>IPSetForwardedIPConfig</a> instead. </p>
- *          <p>WAF only evaluates the first IP address found in the specified HTTP header.
- *       </p>
- * @public
- */
-export interface ForwardedIPConfig {
-    /**
-     * <p>The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to <code>X-Forwarded-For</code>.</p>
-     *          <note>
-     *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
-     *          </note>
-     * @public
-     */
-    HeaderName: string | undefined;
-    /**
-     * <p>The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.</p>
-     *          <note>
-     *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
-     *          </note>
-     *          <p>You can specify the following fallback behaviors:</p>
-     *          <ul>
-     *             <li>
-     *                <p>
-     *                   <code>MATCH</code> - Treat the web request as matching the rule statement. WAF applies the rule action to the request.</p>
-     *             </li>
-     *             <li>
-     *                <p>
-     *                   <code>NO_MATCH</code> - Treat the web request as not matching the rule statement.</p>
-     *             </li>
-     *          </ul>
-     * @public
-     */
-    FallbackBehavior: FallbackBehavior | undefined;
-}
 /**
  * <p>A rule statement that labels web requests by country and region and that matches against web requests based on country code. A geo match rule labels every request that it inspects regardless of whether it finds a match.</p>
  *          <ul>
@@ -2543,6 +2565,14 @@ export declare const RateBasedStatementAggregateKeyType: {
  * @public
  */
 export type RateBasedStatementAggregateKeyType = (typeof RateBasedStatementAggregateKeyType)[keyof typeof RateBasedStatementAggregateKeyType];
+/**
+ * <p>Specifies an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key for a rate-based rule.
+ *          Each distinct ASN contributes to the aggregation instance.
+ *          If you use a single ASN as your custom key, then each ASN fully defines an aggregation instance. </p>
+ * @public
+ */
+export interface RateLimitAsn {
+}
 /**
  * <p>Specifies a cookie as an aggregate key for a rate-based rule. Each distinct value in the cookie contributes to the aggregation instance. If you use a single
  *     cookie as your custom key, then each value fully defines an aggregation instance.  </p>
@@ -2795,6 +2825,12 @@ export interface RateBasedStatementCustomKey {
      * @public
      */
     JA4Fingerprint?: RateLimitJA4Fingerprint | undefined;
+    /**
+     * <p>Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key.
+     *          Each distinct ASN contributes to the aggregation instance. </p>
+     * @public
+     */
+    ASN?: RateLimitAsn | undefined;
 }
 /**
  * <p>A rule statement used to search web request components for a match against a single regular expression. </p>
@@ -7443,6 +7479,12 @@ export interface Statement {
      * @public
      */
     RegexMatchStatement?: RegexMatchStatement | undefined;
+    /**
+     * <p>A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.</p>
+     *          <p>For additional details, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html">ASN match rule statement</a> in the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     * @public
+     */
+    AsnMatchStatement?: AsnMatchStatement | undefined;
 }
 /**
  * <p>A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling <a>ListAvailableManagedRuleGroups</a>.</p>

package/dist-types/ts3.4/models/models_0.d.ts

@@ -27,6 +27,20 @@ export interface AllowAction {
   CustomRequestHandling?: CustomRequestHandling | undefined;
 }
 export interface AllQueryArguments {}
+export declare const FallbackBehavior: {
+  readonly MATCH: "MATCH";
+  readonly NO_MATCH: "NO_MATCH";
+};
+export type FallbackBehavior =
+  (typeof FallbackBehavior)[keyof typeof FallbackBehavior];
+export interface ForwardedIPConfig {
+  HeaderName: string | undefined;
+  FallbackBehavior: FallbackBehavior | undefined;
+}
+export interface AsnMatchStatement {
+  AsnList: number[] | undefined;
+  ForwardedIPConfig?: ForwardedIPConfig | undefined;
+}
 export declare const OversizeHandling: {
   readonly CONTINUE: "CONTINUE";
   readonly MATCH: "MATCH";
@@ -66,12 +80,6 @@ export interface Headers {
   MatchScope: MapMatchScope | undefined;
   OversizeHandling: OversizeHandling | undefined;
 }
-export declare const FallbackBehavior: {
-  readonly MATCH: "MATCH";
-  readonly NO_MATCH: "NO_MATCH";
-};
-export type FallbackBehavior =
-  (typeof FallbackBehavior)[keyof typeof FallbackBehavior];
 export interface JA3Fingerprint {
   FallbackBehavior: FallbackBehavior | undefined;
 }
@@ -427,10 +435,6 @@ export declare const CountryCode: {
   readonly ZW: "ZW";
 };
 export type CountryCode = (typeof CountryCode)[keyof typeof CountryCode];
-export interface ForwardedIPConfig {
-  HeaderName: string | undefined;
-  FallbackBehavior: FallbackBehavior | undefined;
-}
 export interface GeoMatchStatement {
   CountryCodes?: CountryCode[] | undefined;
   ForwardedIPConfig?: ForwardedIPConfig | undefined;
@@ -588,6 +592,7 @@ export declare const RateBasedStatementAggregateKeyType: {
 };
 export type RateBasedStatementAggregateKeyType =
   (typeof RateBasedStatementAggregateKeyType)[keyof typeof RateBasedStatementAggregateKeyType];
+export interface RateLimitAsn {}
 export interface RateLimitCookie {
   Name: string | undefined;
   TextTransformations: TextTransformation[] | undefined;
@@ -630,6 +635,7 @@ export interface RateBasedStatementCustomKey {
   UriPath?: RateLimitUriPath | undefined;
   JA3Fingerprint?: RateLimitJA3Fingerprint | undefined;
   JA4Fingerprint?: RateLimitJA4Fingerprint | undefined;
+  ASN?: RateLimitAsn | undefined;
 }
 export interface RegexMatchStatement {
   RegexString: string | undefined;
@@ -1698,6 +1704,7 @@ export interface Statement {
   ManagedRuleGroupStatement?: ManagedRuleGroupStatement | undefined;
   LabelMatchStatement?: LabelMatchStatement | undefined;
   RegexMatchStatement?: RegexMatchStatement | undefined;
+  AsnMatchStatement?: AsnMatchStatement | undefined;
 }
 export interface ManagedRuleGroupStatement {
   VendorName: string | undefined;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-wafv2",
   "description": "AWS SDK for JavaScript Wafv2 Client for Node.js, Browser and React Native",
-  "version": "3.821.0",
+  "version": "3.825.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-wafv2",
@@ -20,38 +20,38 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.821.0",
-    "@aws-sdk/credential-provider-node": "3.821.0",
+    "@aws-sdk/core": "3.825.0",
+    "@aws-sdk/credential-provider-node": "3.825.0",
     "@aws-sdk/middleware-host-header": "3.821.0",
     "@aws-sdk/middleware-logger": "3.821.0",
     "@aws-sdk/middleware-recursion-detection": "3.821.0",
-    "@aws-sdk/middleware-user-agent": "3.821.0",
+    "@aws-sdk/middleware-user-agent": "3.825.0",
     "@aws-sdk/region-config-resolver": "3.821.0",
     "@aws-sdk/types": "3.821.0",
     "@aws-sdk/util-endpoints": "3.821.0",
     "@aws-sdk/util-user-agent-browser": "3.821.0",
-    "@aws-sdk/util-user-agent-node": "3.821.0",
+    "@aws-sdk/util-user-agent-node": "3.825.0",
     "@smithy/config-resolver": "^4.1.4",
-    "@smithy/core": "^3.5.1",
+    "@smithy/core": "^3.5.2",
     "@smithy/fetch-http-handler": "^5.0.4",
     "@smithy/hash-node": "^4.0.4",
     "@smithy/invalid-dependency": "^4.0.4",
     "@smithy/middleware-content-length": "^4.0.4",
-    "@smithy/middleware-endpoint": "^4.1.9",
-    "@smithy/middleware-retry": "^4.1.10",
+    "@smithy/middleware-endpoint": "^4.1.10",
+    "@smithy/middleware-retry": "^4.1.11",
     "@smithy/middleware-serde": "^4.0.8",
     "@smithy/middleware-stack": "^4.0.4",
     "@smithy/node-config-provider": "^4.1.3",
     "@smithy/node-http-handler": "^4.0.6",
     "@smithy/protocol-http": "^5.1.2",
-    "@smithy/smithy-client": "^4.4.1",
+    "@smithy/smithy-client": "^4.4.2",
     "@smithy/types": "^4.3.1",
     "@smithy/url-parser": "^4.0.4",
     "@smithy/util-base64": "^4.0.0",
     "@smithy/util-body-length-browser": "^4.0.0",
     "@smithy/util-body-length-node": "^4.0.0",
-    "@smithy/util-defaults-mode-browser": "^4.0.17",
-    "@smithy/util-defaults-mode-node": "^4.0.17",
+    "@smithy/util-defaults-mode-browser": "^4.0.18",
+    "@smithy/util-defaults-mode-node": "^4.0.18",
     "@smithy/util-endpoints": "^3.0.6",
     "@smithy/util-middleware": "^4.0.4",
     "@smithy/util-retry": "^4.0.5",