@aws-sdk/client-wafv2 3.826.0 → 3.828.0

package/dist-cjs/index.js

@@ -83,6 +83,7 @@ __export(index_exports, {
   ListWebACLsCommand: () => ListWebACLsCommand,
   LogScope: () => LogScope,
   LogType: () => LogType,
+  LowReputationMode: () => LowReputationMode,
   MapMatchScope: () => MapMatchScope,
   OversizeHandling: () => OversizeHandling,
   ParameterExceptionField: () => ParameterExceptionField,
@@ -97,6 +98,7 @@ __export(index_exports, {
   ResponseContentType: () => ResponseContentType,
   Scope: () => Scope,
   SensitivityLevel: () => SensitivityLevel,
+  SensitivityToAct: () => SensitivityToAct,
   SizeInspectionLimit: () => SizeInspectionLimit,
   TagResourceCommand: () => TagResourceCommand,
   TextTransformationType: () => TextTransformationType,
@@ -106,6 +108,7 @@ __export(index_exports, {
   UpdateRegexPatternSetCommand: () => UpdateRegexPatternSetCommand,
   UpdateRuleGroupCommand: () => UpdateRuleGroupCommand,
   UpdateWebACLCommand: () => UpdateWebACLCommand,
+  UsageOfAction: () => UsageOfAction,
   WAFAssociatedItemException: () => WAFAssociatedItemException,
   WAFConfigurationWarningException: () => WAFConfigurationWarningException,
   WAFDuplicateItemException: () => WAFDuplicateItemException,
@@ -629,6 +632,15 @@ var PayloadType = {
   FORM_ENCODED: "FORM_ENCODED",
   JSON: "JSON"
 };
+var SensitivityToAct = {
+  HIGH: "HIGH",
+  LOW: "LOW",
+  MEDIUM: "MEDIUM"
+};
+var UsageOfAction = {
+  DISABLED: "DISABLED",
+  ENABLED: "ENABLED"
+};
 var InspectionLevel = {
   COMMON: "COMMON",
   TARGETED: "TARGETED"
@@ -736,6 +748,7 @@ var ParameterExceptionField = {
   LABEL_MATCH_STATEMENT: "LABEL_MATCH_STATEMENT",
   LOGGING_FILTER: "LOGGING_FILTER",
   LOG_DESTINATION: "LOG_DESTINATION",
+  LOW_REPUTATION_MODE: "LOW_REPUTATION_MODE",
   MANAGED_RULE_GROUP_CONFIG: "MANAGED_RULE_GROUP_CONFIG",
   MANAGED_RULE_SET: "MANAGED_RULE_SET",
   MANAGED_RULE_SET_STATEMENT: "MANAGED_RULE_SET_STATEMENT",
@@ -1043,6 +1056,10 @@ var FieldToProtectType = {
   SINGLE_HEADER: "SINGLE_HEADER",
   SINGLE_QUERY_ARGUMENT: "SINGLE_QUERY_ARGUMENT"
 };
+var LowReputationMode = {
+  ACTIVE_UNDER_DDOS: "ACTIVE_UNDER_DDOS",
+  ALWAYS_ON: "ALWAYS_ON"
+};
 var WAFConfigurationWarningException = class _WAFConfigurationWarningException extends WAFV2ServiceException {
   static {
     __name(this, "WAFConfigurationWarningException");
@@ -2508,6 +2525,7 @@ var se_CreateWebACLRequest = /* @__PURE__ */ __name((input, context) => {
     DefaultAction: import_smithy_client._json,
     Description: [],
     Name: [],
+    OnSourceDDoSProtectionConfig: import_smithy_client._json,
     Rules: /* @__PURE__ */ __name((_) => se_Rules(_, context), "Rules"),
     Scope: [],
     Tags: import_smithy_client._json,
@@ -2638,6 +2656,7 @@ var se_UpdateWebACLRequest = /* @__PURE__ */ __name((input, context) => {
     Id: [],
     LockToken: [],
     Name: [],
+    OnSourceDDoSProtectionConfig: import_smithy_client._json,
     Rules: /* @__PURE__ */ __name((_) => se_Rules(_, context), "Rules"),
     Scope: [],
     TokenDomains: import_smithy_client._json,
@@ -2956,6 +2975,7 @@ var de_WebACL = /* @__PURE__ */ __name((output, context) => {
     LabelNamespace: import_smithy_client.expectString,
     ManagedByFirewallManager: import_smithy_client.expectBoolean,
     Name: import_smithy_client.expectString,
+    OnSourceDDoSProtectionConfig: import_smithy_client._json,
     PostProcessFirewallManagerRuleGroups: /* @__PURE__ */ __name((_) => de_FirewallManagerRuleGroups(_, context), "PostProcessFirewallManagerRuleGroups"),
     PreProcessFirewallManagerRuleGroups: /* @__PURE__ */ __name((_) => de_FirewallManagerRuleGroups(_, context), "PreProcessFirewallManagerRuleGroups"),
     RetrofittedByFirewallManager: import_smithy_client.expectBoolean,
@@ -3941,6 +3961,8 @@ var WAFV2 = class extends WAFV2Client {
   ForwardedIPPosition,
   LabelMatchScope,
   PayloadType,
+  SensitivityToAct,
+  UsageOfAction,
   InspectionLevel,
   RateBasedStatementAggregateKeyType,
   ComparisonOperator,
@@ -3966,6 +3988,7 @@ var WAFV2 = class extends WAFV2Client {
   ResponseContentType,
   DataProtectionAction,
   FieldToProtectType,
+  LowReputationMode,
   WAFConfigurationWarningException,
   WAFAssociatedItemException,
   LogScope,

package/dist-es/models/models_0.js

@@ -326,6 +326,15 @@ export const PayloadType = {
     FORM_ENCODED: "FORM_ENCODED",
     JSON: "JSON",
 };
+export const SensitivityToAct = {
+    HIGH: "HIGH",
+    LOW: "LOW",
+    MEDIUM: "MEDIUM",
+};
+export const UsageOfAction = {
+    DISABLED: "DISABLED",
+    ENABLED: "ENABLED",
+};
 export const InspectionLevel = {
     COMMON: "COMMON",
     TARGETED: "TARGETED",
@@ -421,6 +430,7 @@ export const ParameterExceptionField = {
     LABEL_MATCH_STATEMENT: "LABEL_MATCH_STATEMENT",
     LOGGING_FILTER: "LOGGING_FILTER",
     LOG_DESTINATION: "LOG_DESTINATION",
+    LOW_REPUTATION_MODE: "LOW_REPUTATION_MODE",
     MANAGED_RULE_GROUP_CONFIG: "MANAGED_RULE_GROUP_CONFIG",
     MANAGED_RULE_SET: "MANAGED_RULE_SET",
     MANAGED_RULE_SET_STATEMENT: "MANAGED_RULE_SET_STATEMENT",
@@ -646,6 +656,10 @@ export const FieldToProtectType = {
     SINGLE_HEADER: "SINGLE_HEADER",
     SINGLE_QUERY_ARGUMENT: "SINGLE_QUERY_ARGUMENT",
 };
+export const LowReputationMode = {
+    ACTIVE_UNDER_DDOS: "ACTIVE_UNDER_DDOS",
+    ALWAYS_ON: "ALWAYS_ON",
+};
 export class WAFConfigurationWarningException extends __BaseException {
     name = "WAFConfigurationWarningException";
     $fault = "client";

package/dist-es/protocols/Aws_json1_1.js

@@ -1314,6 +1314,7 @@ const se_CreateWebACLRequest = (input, context) => {
         DefaultAction: _json,
         Description: [],
         Name: [],
+        OnSourceDDoSProtectionConfig: _json,
         Rules: (_) => se_Rules(_, context),
         Scope: [],
         Tags: _json,
@@ -1448,6 +1449,7 @@ const se_UpdateWebACLRequest = (input, context) => {
         Id: [],
         LockToken: [],
         Name: [],
+        OnSourceDDoSProtectionConfig: _json,
         Rules: (_) => se_Rules(_, context),
         Scope: [],
         TokenDomains: _json,
@@ -1780,6 +1782,7 @@ const de_WebACL = (output, context) => {
         LabelNamespace: __expectString,
         ManagedByFirewallManager: __expectBoolean,
         Name: __expectString,
+        OnSourceDDoSProtectionConfig: _json,
         PostProcessFirewallManagerRuleGroups: (_) => de_FirewallManagerRuleGroups(_, context),
         PreProcessFirewallManagerRuleGroups: (_) => de_FirewallManagerRuleGroups(_, context),
         RetrofittedByFirewallManager: __expectBoolean,

package/dist-types/commands/CheckCapacityCommand.d.ts

@@ -760,6 +760,20 @@ declare const CheckCapacityCommand_base: {
  *                     },
  *                     EnableRegexInPath: true || false,
  *                   },
+ *                   AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ *                     ClientSideActionConfig: { // ClientSideActionConfig
+ *                       Challenge: { // ClientSideAction
+ *                         UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                         Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                         ExemptUriRegularExpressions: [ // RegularExpressionList
+ *                           { // Regex
+ *                             RegexString: "STRING_VALUE",
+ *                           },
+ *                         ],
+ *                       },
+ *                     },
+ *                     SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *                   },
  *                 },
  *               ],
  *               RuleActionOverrides: [
@@ -985,6 +999,20 @@ declare const CheckCapacityCommand_base: {
  *                 },
  *                 EnableRegexInPath: true || false,
  *               },
+ *               AWSManagedRulesAntiDDoSRuleSet: {
+ *                 ClientSideActionConfig: {
+ *                   Challenge: {
+ *                     UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                     Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                     ExemptUriRegularExpressions: [
+ *                       {
+ *                         RegexString: "STRING_VALUE",
+ *                       },
+ *                     ],
+ *                   },
+ *                 },
+ *                 SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *               },
  *             },
  *           ],
  *           RuleActionOverrides: [

package/dist-types/commands/CreateRuleGroupCommand.d.ts

@@ -753,6 +753,20 @@ declare const CreateRuleGroupCommand_base: {
  *                     },
  *                     EnableRegexInPath: true || false,
  *                   },
+ *                   AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ *                     ClientSideActionConfig: { // ClientSideActionConfig
+ *                       Challenge: { // ClientSideAction
+ *                         UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                         Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                         ExemptUriRegularExpressions: [ // RegularExpressionList
+ *                           { // Regex
+ *                             RegexString: "STRING_VALUE",
+ *                           },
+ *                         ],
+ *                       },
+ *                     },
+ *                     SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *                   },
  *                 },
  *               ],
  *               RuleActionOverrides: [
@@ -978,6 +992,20 @@ declare const CreateRuleGroupCommand_base: {
  *                 },
  *                 EnableRegexInPath: true || false,
  *               },
+ *               AWSManagedRulesAntiDDoSRuleSet: {
+ *                 ClientSideActionConfig: {
+ *                   Challenge: {
+ *                     UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                     Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                     ExemptUriRegularExpressions: [
+ *                       {
+ *                         RegexString: "STRING_VALUE",
+ *                       },
+ *                     ],
+ *                   },
+ *                 },
+ *                 SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *               },
  *             },
  *           ],
  *           RuleActionOverrides: [

package/dist-types/commands/CreateWebACLCommand.d.ts

@@ -756,6 +756,20 @@ declare const CreateWebACLCommand_base: {
  *                     },
  *                     EnableRegexInPath: true || false,
  *                   },
+ *                   AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ *                     ClientSideActionConfig: { // ClientSideActionConfig
+ *                       Challenge: { // ClientSideAction
+ *                         UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                         Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                         ExemptUriRegularExpressions: [ // RegularExpressionList
+ *                           { // Regex
+ *                             RegexString: "STRING_VALUE",
+ *                           },
+ *                         ],
+ *                       },
+ *                     },
+ *                     SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *                   },
  *                 },
  *               ],
  *               RuleActionOverrides: [
@@ -973,6 +987,20 @@ declare const CreateWebACLCommand_base: {
  *                 },
  *                 EnableRegexInPath: true || false,
  *               },
+ *               AWSManagedRulesAntiDDoSRuleSet: {
+ *                 ClientSideActionConfig: {
+ *                   Challenge: {
+ *                     UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                     Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                     ExemptUriRegularExpressions: [
+ *                       {
+ *                         RegexString: "STRING_VALUE",
+ *                       },
+ *                     ],
+ *                   },
+ *                 },
+ *                 SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *               },
  *             },
  *           ],
  *           RuleActionOverrides: [
@@ -1089,6 +1117,9 @@ declare const CreateWebACLCommand_base: {
  *       },
  *     },
  *   },
+ *   OnSourceDDoSProtectionConfig: { // OnSourceDDoSProtectionConfig
+ *     ALBLowReputationMode: "ACTIVE_UNDER_DDOS" || "ALWAYS_ON", // required
+ *   },
  * };
  * const command = new CreateWebACLCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/GetRuleGroupCommand.d.ts

@@ -762,6 +762,20 @@ declare const GetRuleGroupCommand_base: {
  * //                       },
  * //                       EnableRegexInPath: true || false,
  * //                     },
+ * //                     AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ * //                       ClientSideActionConfig: { // ClientSideActionConfig
+ * //                         Challenge: { // ClientSideAction
+ * //                           UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                           Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                           ExemptUriRegularExpressions: [ // RegularExpressionList
+ * //                             { // Regex
+ * //                               RegexString: "STRING_VALUE",
+ * //                             },
+ * //                           ],
+ * //                         },
+ * //                       },
+ * //                       SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                     },
  * //                   },
  * //                 ],
  * //                 RuleActionOverrides: [
@@ -987,6 +1001,20 @@ declare const GetRuleGroupCommand_base: {
  * //                   },
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: [

package/dist-types/commands/GetWebACLCommand.d.ts

@@ -765,6 +765,20 @@ declare const GetWebACLCommand_base: {
  * //                       },
  * //                       EnableRegexInPath: true || false,
  * //                     },
+ * //                     AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ * //                       ClientSideActionConfig: { // ClientSideActionConfig
+ * //                         Challenge: { // ClientSideAction
+ * //                           UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                           Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                           ExemptUriRegularExpressions: [ // RegularExpressionList
+ * //                             { // Regex
+ * //                               RegexString: "STRING_VALUE",
+ * //                             },
+ * //                           ],
+ * //                         },
+ * //                       },
+ * //                       SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                     },
  * //                   },
  * //                 ],
  * //                 RuleActionOverrides: [
@@ -982,6 +996,20 @@ declare const GetWebACLCommand_base: {
  * //                   },
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: [
@@ -1161,6 +1189,20 @@ declare const GetWebACLCommand_base: {
  * //                   ResponseInspection: "<ResponseInspection>",
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: [
@@ -1242,6 +1284,20 @@ declare const GetWebACLCommand_base: {
  * //                   ResponseInspection: "<ResponseInspection>",
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: "<RuleActionOverrides>",
@@ -1292,6 +1348,9 @@ declare const GetWebACLCommand_base: {
  * //       },
  * //     },
  * //     RetrofittedByFirewallManager: true || false,
+ * //     OnSourceDDoSProtectionConfig: { // OnSourceDDoSProtectionConfig
+ * //       ALBLowReputationMode: "ACTIVE_UNDER_DDOS" || "ALWAYS_ON", // required
+ * //     },
  * //   },
  * //   LockToken: "STRING_VALUE",
  * //   ApplicationIntegrationURL: "STRING_VALUE",

package/dist-types/commands/GetWebACLForResourceCommand.d.ts

@@ -772,6 +772,20 @@ declare const GetWebACLForResourceCommand_base: {
  * //                       },
  * //                       EnableRegexInPath: true || false,
  * //                     },
+ * //                     AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ * //                       ClientSideActionConfig: { // ClientSideActionConfig
+ * //                         Challenge: { // ClientSideAction
+ * //                           UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                           Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                           ExemptUriRegularExpressions: [ // RegularExpressionList
+ * //                             { // Regex
+ * //                               RegexString: "STRING_VALUE",
+ * //                             },
+ * //                           ],
+ * //                         },
+ * //                       },
+ * //                       SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                     },
  * //                   },
  * //                 ],
  * //                 RuleActionOverrides: [
@@ -989,6 +1003,20 @@ declare const GetWebACLForResourceCommand_base: {
  * //                   },
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: [
@@ -1168,6 +1196,20 @@ declare const GetWebACLForResourceCommand_base: {
  * //                   ResponseInspection: "<ResponseInspection>",
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: [
@@ -1249,6 +1291,20 @@ declare const GetWebACLForResourceCommand_base: {
  * //                   ResponseInspection: "<ResponseInspection>",
  * //                   EnableRegexInPath: true || false,
  * //                 },
+ * //                 AWSManagedRulesAntiDDoSRuleSet: {
+ * //                   ClientSideActionConfig: {
+ * //                     Challenge: {
+ * //                       UsageOfAction: "ENABLED" || "DISABLED", // required
+ * //                       Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ * //                       ExemptUriRegularExpressions: [
+ * //                         {
+ * //                           RegexString: "STRING_VALUE",
+ * //                         },
+ * //                       ],
+ * //                     },
+ * //                   },
+ * //                   SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ * //                 },
  * //               },
  * //             ],
  * //             RuleActionOverrides: "<RuleActionOverrides>",
@@ -1299,6 +1355,9 @@ declare const GetWebACLForResourceCommand_base: {
  * //       },
  * //     },
  * //     RetrofittedByFirewallManager: true || false,
+ * //     OnSourceDDoSProtectionConfig: { // OnSourceDDoSProtectionConfig
+ * //       ALBLowReputationMode: "ACTIVE_UNDER_DDOS" || "ALWAYS_ON", // required
+ * //     },
  * //   },
  * // };
  *

package/dist-types/commands/UpdateRuleGroupCommand.d.ts

@@ -788,6 +788,20 @@ declare const UpdateRuleGroupCommand_base: {
  *                     },
  *                     EnableRegexInPath: true || false,
  *                   },
+ *                   AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ *                     ClientSideActionConfig: { // ClientSideActionConfig
+ *                       Challenge: { // ClientSideAction
+ *                         UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                         Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                         ExemptUriRegularExpressions: [ // RegularExpressionList
+ *                           { // Regex
+ *                             RegexString: "STRING_VALUE",
+ *                           },
+ *                         ],
+ *                       },
+ *                     },
+ *                     SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *                   },
  *                 },
  *               ],
  *               RuleActionOverrides: [
@@ -1013,6 +1027,20 @@ declare const UpdateRuleGroupCommand_base: {
  *                 },
  *                 EnableRegexInPath: true || false,
  *               },
+ *               AWSManagedRulesAntiDDoSRuleSet: {
+ *                 ClientSideActionConfig: {
+ *                   Challenge: {
+ *                     UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                     Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                     ExemptUriRegularExpressions: [
+ *                       {
+ *                         RegexString: "STRING_VALUE",
+ *                       },
+ *                     ],
+ *                   },
+ *                 },
+ *                 SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *               },
  *             },
  *           ],
  *           RuleActionOverrides: [

package/dist-types/commands/UpdateWebACLCommand.d.ts

@@ -793,6 +793,20 @@ declare const UpdateWebACLCommand_base: {
  *                     },
  *                     EnableRegexInPath: true || false,
  *                   },
+ *                   AWSManagedRulesAntiDDoSRuleSet: { // AWSManagedRulesAntiDDoSRuleSet
+ *                     ClientSideActionConfig: { // ClientSideActionConfig
+ *                       Challenge: { // ClientSideAction
+ *                         UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                         Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                         ExemptUriRegularExpressions: [ // RegularExpressionList
+ *                           { // Regex
+ *                             RegexString: "STRING_VALUE",
+ *                           },
+ *                         ],
+ *                       },
+ *                     },
+ *                     SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *                   },
  *                 },
  *               ],
  *               RuleActionOverrides: [
@@ -1010,6 +1024,20 @@ declare const UpdateWebACLCommand_base: {
  *                 },
  *                 EnableRegexInPath: true || false,
  *               },
+ *               AWSManagedRulesAntiDDoSRuleSet: {
+ *                 ClientSideActionConfig: {
+ *                   Challenge: {
+ *                     UsageOfAction: "ENABLED" || "DISABLED", // required
+ *                     Sensitivity: "LOW" || "MEDIUM" || "HIGH",
+ *                     ExemptUriRegularExpressions: [
+ *                       {
+ *                         RegexString: "STRING_VALUE",
+ *                       },
+ *                     ],
+ *                   },
+ *                 },
+ *                 SensitivityToBlock: "LOW" || "MEDIUM" || "HIGH",
+ *               },
  *             },
  *           ],
  *           RuleActionOverrides: [
@@ -1121,6 +1149,9 @@ declare const UpdateWebACLCommand_base: {
  *       },
  *     },
  *   },
+ *   OnSourceDDoSProtectionConfig: { // OnSourceDDoSProtectionConfig
+ *     ALBLowReputationMode: "ACTIVE_UNDER_DDOS" || "ALWAYS_ON", // required
+ *   },
  * };
  * const command = new UpdateWebACLCommand(input);
  * const response = await client.send(command);

package/dist-types/models/models_0.d.ts

@@ -2068,6 +2068,10 @@ export interface ResponseInspection {
 }
 /**
  * <p>Details for your use of the account creation fraud prevention managed rule group, <code>AWSManagedRulesACFPRuleSet</code>. This configuration is used in <code>ManagedRuleGroupConfig</code>. </p>
+ *          <p>For additional information about this and the other intelligent threat mitigation rule groups,
+ *     see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent threat mitigation in WAF</a>
+ *     and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon Web Services Managed Rules rule groups list</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  * @public
  */
 export interface AWSManagedRulesACFPRuleSet {
@@ -2123,6 +2127,185 @@ export interface AWSManagedRulesACFPRuleSet {
      */
     EnableRegexInPath?: boolean | undefined;
 }
+/**
+ * <p>A single regular expression. This is used in a <a>RegexPatternSet</a> and
+ *            also in the configuration for the Amazon Web Services Managed Rules rule group <code>AWSManagedRulesAntiDDoSRuleSet</code>.</p>
+ * @public
+ */
+export interface Regex {
+    /**
+     * <p>The string representing the regular expression.</p>
+     * @public
+     */
+    RegexString?: string | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const SensitivityToAct: {
+    readonly HIGH: "HIGH";
+    readonly LOW: "LOW";
+    readonly MEDIUM: "MEDIUM";
+};
+/**
+ * @public
+ */
+export type SensitivityToAct = (typeof SensitivityToAct)[keyof typeof SensitivityToAct];
+/**
+ * @public
+ * @enum
+ */
+export declare const UsageOfAction: {
+    readonly DISABLED: "DISABLED";
+    readonly ENABLED: "ENABLED";
+};
+/**
+ * @public
+ */
+export type UsageOfAction = (typeof UsageOfAction)[keyof typeof UsageOfAction];
+/**
+ * <p>This is part of the <code>AWSManagedRulesAntiDDoSRuleSet</code>
+ *             <code>ClientSideActionConfig</code> configuration in <code>ManagedRuleGroupConfig</code>.</p>
+ * @public
+ */
+export interface ClientSideAction {
+    /**
+     * <p>Determines whether to use the <code>AWSManagedRulesAntiDDoSRuleSet</code> rules <code>ChallengeAllDuringEvent</code> and <code>ChallengeDDoSRequests</code> in the rule group evaluation and the related label <code>awswaf:managed:aws:anti-ddos:challengeable-request</code>. </p>
+     *          <ul>
+     *             <li>
+     *                <p>If usage is enabled: </p>
+     *                <ul>
+     *                   <li>
+     *                      <p>The managed rule group adds the label <code>awswaf:managed:aws:anti-ddos:challengeable-request</code> to any web request whose URL does <i>NOT</i> match the regular expressions provided in the
+     *                    <code>ClientSideAction</code> setting <code>ExemptUriRegularExpressions</code>. </p>
+     *                   </li>
+     *                   <li>
+     *                      <p>The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack.
+     *                The two rules only apply their action to matching requests that have the label <code>awswaf:managed:aws:anti-ddos:challengeable-request</code>.
+     *            </p>
+     *                   </li>
+     *                </ul>
+     *             </li>
+     *             <li>
+     *                <p>If usage is disabled: </p>
+     *                <ul>
+     *                   <li>
+     *                      <p>The managed rule group doesn't add the label <code>awswaf:managed:aws:anti-ddos:challengeable-request</code> to any web requests. </p>
+     *                   </li>
+     *                   <li>
+     *                      <p>The two rules are not evaluated.</p>
+     *                   </li>
+     *                   <li>
+     *                      <p>None of the other <code>ClientSideAction</code> settings have any effect.</p>
+     *                   </li>
+     *                </ul>
+     *             </li>
+     *          </ul>
+     *          <note>
+     *             <p>This setting only enables or disables the use of the two anti-DDOS rules <code>ChallengeAllDuringEvent</code> and <code>ChallengeDDoSRequests</code> in the anti-DDoS managed rule group. </p>
+     *             <p>This setting doesn't alter the action setting in the two rules. To override the actions
+     *            used by the rules <code>ChallengeAllDuringEvent</code> and <code>ChallengeDDoSRequests</code>,
+     *                enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration. </p>
+     *          </note>
+     * @public
+     */
+    UsageOfAction: UsageOfAction | undefined;
+    /**
+     * <p>The sensitivity that the rule group rule <code>ChallengeDDoSRequests</code> uses when matching against the
+     *            DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the <code>ChallengeDDoSRequests</code> rule runs.
+     *        </p>
+     *          <p>The higher the sensitivity, the more levels of labeling that the rule matches: </p>
+     *          <ul>
+     *             <li>
+     *                <p>Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label <code>awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request</code>.</p>
+     *             </li>
+     *             <li>
+     *                <p>Medium sensitivity causes the rule to match on the medium and high suspicion labels.</p>
+     *             </li>
+     *             <li>
+     *                <p>High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.</p>
+     *             </li>
+     *          </ul>
+     *          <p>Default: <code>HIGH</code>
+     *          </p>
+     * @public
+     */
+    Sensitivity?: SensitivityToAct | undefined;
+    /**
+     * <p>The regular expression to match against the web request URI, used to identify requests
+     *        that can't handle a silent browser challenge. When the <code>ClientSideAction</code> setting <code>UsageOfAction</code> is enabled,
+     *        the managed rule group uses this setting to determine which requests to label with
+     *        <code>awswaf:managed:aws:anti-ddos:challengeable-request</code>. If <code>UsageOfAction</code> is disabled, this setting
+     *    has no effect and the managed rule group doesn't add the label to any requests.</p>
+     *          <p>The anti-DDoS managed rule group doesn't
+     *            evaluate the rules <code>ChallengeDDoSRequests</code> or <code>ChallengeAllDuringEvent</code> for web requests whose URIs match this regex. This
+     *        is true regardless of whether you override the rule action for either of the rules in your web ACL configuration. </p>
+     *          <p>Amazon Web Services recommends using a regular expression. </p>
+     *          <p>This setting is required if <code>UsageOfAction</code> is set to <code>ENABLED</code>. If required, you can provide
+     *        between 1 and 5 regex objects in the array of settings. </p>
+     *          <p>Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:</p>
+     *          <p>
+     *             <code>\/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$</code>
+     *          </p>
+     * @public
+     */
+    ExemptUriRegularExpressions?: Regex[] | undefined;
+}
+/**
+ * <p>This is part of the configuration for the managed rules <code>AWSManagedRulesAntiDDoSRuleSet</code>
+ *                in <code>ManagedRuleGroupConfig</code>.</p>
+ * @public
+ */
+export interface ClientSideActionConfig {
+    /**
+     * <p>Configuration for the use of the <code>AWSManagedRulesAntiDDoSRuleSet</code> rules <code>ChallengeAllDuringEvent</code> and <code>ChallengeDDoSRequests</code>. </p>
+     *          <note>
+     *             <p>This setting isn't related to the configuration of the <code>Challenge</code> action itself. It only
+     *        configures the use of the two anti-DDoS rules named here. </p>
+     *          </note>
+     *          <p>You can enable or disable the use of these rules, and you can configure how to use them when they are enabled. </p>
+     * @public
+     */
+    Challenge: ClientSideAction | undefined;
+}
+/**
+ * <p>Configures the use of the anti-DDoS managed rule group, <code>AWSManagedRulesAntiDDoSRuleSet</code>. This configuration is used in <code>ManagedRuleGroupConfig</code>. </p>
+ *          <p>The configuration that you provide here determines whether and how the rules in the rule group are used. </p>
+ *          <p>For additional information about this and the other intelligent threat mitigation rule groups,
+ *     see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent threat mitigation in WAF</a>
+ *     and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon Web Services Managed Rules rule groups list</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
+ * @public
+ */
+export interface AWSManagedRulesAntiDDoSRuleSet {
+    /**
+     * <p>Configures the request handling that's applied by the managed rule group rules <code>ChallengeAllDuringEvent</code> and <code>ChallengeDDoSRequests</code> during a distributed denial of service (DDoS) attack.</p>
+     * @public
+     */
+    ClientSideActionConfig: ClientSideActionConfig | undefined;
+    /**
+     * <p>The sensitivity that the rule group rule <code>DDoSRequests</code> uses when matching against the
+     *            DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the <code>DDoSRequests</code> rule runs.
+     *        </p>
+     *          <p>The higher the sensitivity, the more levels of labeling that the rule matches: </p>
+     *          <ul>
+     *             <li>
+     *                <p>Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label <code>awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request</code>.</p>
+     *             </li>
+     *             <li>
+     *                <p>Medium sensitivity causes the rule to match on the medium and high suspicion labels.</p>
+     *             </li>
+     *             <li>
+     *                <p>High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.</p>
+     *             </li>
+     *          </ul>
+     *          <p>Default: <code>LOW</code>
+     *          </p>
+     * @public
+     */
+    SensitivityToBlock?: SensitivityToAct | undefined;
+}
 /**
  * <p>The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.  </p>
  *          <p>This is part of the <code>AWSManagedRulesATPRuleSet</code> configuration in <code>ManagedRuleGroupConfig</code>.</p>
@@ -2186,6 +2369,10 @@ export interface RequestInspection {
 }
 /**
  * <p>Details for your use of the account takeover prevention managed rule group, <code>AWSManagedRulesATPRuleSet</code>. This configuration is used in <code>ManagedRuleGroupConfig</code>. </p>
+ *          <p>For additional information about this and the other intelligent threat mitigation rule groups,
+ *     see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent threat mitigation in WAF</a>
+ *     and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon Web Services Managed Rules rule groups list</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  * @public
  */
 export interface AWSManagedRulesATPRuleSet {
@@ -2232,6 +2419,10 @@ export declare const InspectionLevel: {
 export type InspectionLevel = (typeof InspectionLevel)[keyof typeof InspectionLevel];
 /**
  * <p>Details for your use of the Bot Control managed rule group, <code>AWSManagedRulesBotControlRuleSet</code>. This configuration is used in <code>ManagedRuleGroupConfig</code>. </p>
+ *          <p>For additional information about this and the other intelligent threat mitigation rule groups,
+ *     see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent threat mitigation in WAF</a>
+ *     and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon Web Services Managed Rules rule groups list</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  * @public
  */
 export interface AWSManagedRulesBotControlRuleSet {
@@ -2264,6 +2455,9 @@ export interface AWSManagedRulesBotControlRuleSet {
  *                <p>Use the <code>AWSManagedRulesACFPRuleSet</code> configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields. </p>
  *             </li>
  *             <li>
+ *                <p>Use the <code>AWSManagedRulesAntiDDoSRuleSet</code> configuration object to configure the anti-DDoS managed rule group. The configuration includes the sensitivity levels to use in the rules that typically block and challenge requests that might be participating in DDoS attacks and the specification to use to indicate whether a request can handle a silent browser challenge. </p>
+ *             </li>
+ *             <li>
  *                <p>Use the <code>AWSManagedRulesATPRuleSet</code> configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password. </p>
  *             </li>
  *             <li>
@@ -2343,6 +2537,16 @@ export interface ManagedRuleGroupConfig {
      * @public
      */
     AWSManagedRulesACFPRuleSet?: AWSManagedRulesACFPRuleSet | undefined;
+    /**
+     * <p>Additional configuration for using the anti-DDoS managed rule group, <code>AWSManagedRulesAntiDDoSRuleSet</code>.
+     *        Use this to configure anti-DDoS behavior for the rule group. </p>
+     *          <p>For information
+     *        about using the anti-DDoS managed rule group, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-anti-ddos.html">WAF Anti-DDoS rule group</a>
+     *                and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-anti-ddos.html">Distributed Denial of Service (DDoS) prevention</a>
+     *                in the <i>WAF Developer Guide</i>.</p>
+     * @public
+     */
+    AWSManagedRulesAntiDDoSRuleSet?: AWSManagedRulesAntiDDoSRuleSet | undefined;
 }
 /**
  * <p>A custom response to send to the client. You can define a custom response for rule
@@ -2899,7 +3103,7 @@ export interface RuleGroupReferenceStatement {
     /**
      * <p>Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. </p>
      *          <note>
-     *             <p>Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, WAF doesn't return an error and doesn't apply the override setting.</p>
+     *             <p>Verify the rule names in your overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.</p>
      *          </note>
      *          <p>You can use overrides for testing, for example you can override all of rule actions to <code>Count</code> and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.</p>
      * @public
@@ -3183,6 +3387,7 @@ export declare const ParameterExceptionField: {
     readonly LABEL_MATCH_STATEMENT: "LABEL_MATCH_STATEMENT";
     readonly LOGGING_FILTER: "LOGGING_FILTER";
     readonly LOG_DESTINATION: "LOG_DESTINATION";
+    readonly LOW_REPUTATION_MODE: "LOW_REPUTATION_MODE";
     readonly MANAGED_RULE_GROUP_CONFIG: "MANAGED_RULE_GROUP_CONFIG";
     readonly MANAGED_RULE_SET: "MANAGED_RULE_SET";
     readonly MANAGED_RULE_SET_STATEMENT: "MANAGED_RULE_SET_STATEMENT";
@@ -3828,17 +4033,6 @@ export declare class WAFTagOperationInternalErrorException extends __BaseExcepti
      */
     constructor(opts: __ExceptionOptionType<WAFTagOperationInternalErrorException, __BaseException>);
 }
-/**
- * <p>A single regular expression. This is used in a <a>RegexPatternSet</a>.</p>
- * @public
- */
-export interface Regex {
-    /**
-     * <p>The string representing the regular expression.</p>
-     * @public
-     */
-    RegexString?: string | undefined;
-}
 /**
  * @public
  */
@@ -4118,6 +4312,31 @@ export interface DefaultAction {
      */
     Allow?: AllowAction | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const LowReputationMode: {
+    readonly ACTIVE_UNDER_DDOS: "ACTIVE_UNDER_DDOS";
+    readonly ALWAYS_ON: "ALWAYS_ON";
+};
+/**
+ * @public
+ */
+export type LowReputationMode = (typeof LowReputationMode)[keyof typeof LowReputationMode];
+/**
+ * <p>Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.</p>
+ * @public
+ */
+export interface OnSourceDDoSProtectionConfig {
+    /**
+     * <p>The level of DDoS protection that applies to web ACLs associated with Application Load Balancers. <code>ACTIVE_UNDER_DDOS</code> protection is enabled by default whenever a web ACL is associated with an Application Load Balancer.
+     *          In the event that an Application Load Balancer experiences high-load conditions or suspected DDoS attacks, the <code>ACTIVE_UNDER_DDOS</code> protection automatically rate limits traffic from known low reputation sources without disrupting Application Load Balancer availability.
+     *       <code>ALWAYS_ON</code> protection provides constant, always-on monitoring of known low reputation sources for suspected DDoS attacks. While this provides a higher level of protection, there may be potential impacts on legitimate traffic.</p>
+     * @public
+     */
+    ALBLowReputationMode: LowReputationMode | undefined;
+}
 /**
  * <p>High-level information about a <a>WebACL</a>, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a <code>WebACL</code>, and the ARN, that you provide to operations like <a>AssociateWebACL</a>.</p>
  * @public
@@ -7539,6 +7758,9 @@ export interface ManagedRuleGroupStatement {
      *                <p>Use the <code>AWSManagedRulesACFPRuleSet</code> configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields. </p>
      *             </li>
      *             <li>
+     *                <p>Use the <code>AWSManagedRulesAntiDDoSRuleSet</code> configuration object to configure the anti-DDoS managed rule group. The configuration includes the sensitivity levels to use in the rules that typically block and challenge requests that might be participating in DDoS attacks and the specification to use to indicate whether a request can handle a silent browser challenge. </p>
+     *             </li>
+     *             <li>
      *                <p>Use the <code>AWSManagedRulesATPRuleSet</code> configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password. </p>
      *             </li>
      *             <li>
@@ -7552,7 +7774,7 @@ export interface ManagedRuleGroupStatement {
     /**
      * <p>Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. </p>
      *          <note>
-     *             <p>Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, WAF doesn't return an error and doesn't apply the override setting.</p>
+     *             <p>Verify the rule names in your overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.</p>
      *          </note>
      *          <p>You can use overrides for testing, for example you can override all of rule actions to <code>Count</code> and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.</p>
      * @public
@@ -8113,6 +8335,12 @@ export interface CreateWebACLRequest {
      * @public
      */
     AssociationConfig?: AssociationConfig | undefined;
+    /**
+     * <p>Specifies the type of DDoS protection to apply to web request data for a web ACL. For most scenarios, it is recommended to use the default protection level, <code>ACTIVE_UNDER_DDOS</code>.
+     *    If a web ACL is associated with multiple Application Load Balancers, the changes you make to DDoS protection in that web ACL will apply to all associated Application Load Balancers.</p>
+     * @public
+     */
+    OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
 }
 /**
  * <p> A rule group defines a collection of rules to inspect and control web requests that you can use in a <a>WebACL</a>. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements. </p>
@@ -8373,6 +8601,12 @@ export interface UpdateWebACLRequest {
      * @public
      */
     AssociationConfig?: AssociationConfig | undefined;
+    /**
+     * <p>Specifies the type of DDoS protection to apply to web request data for a web ACL. For most scenarios, it is recommended to use the default protection level, <code>ACTIVE_UNDER_DDOS</code>.
+     *    If a web ACL is associated with multiple Application Load Balancers, the changes you make to DDoS protection in that web ACL will apply to all associated Application Load Balancers.</p>
+     * @public
+     */
+    OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
 }
 /**
  * @public
@@ -8547,6 +8781,11 @@ export interface WebACL {
      * @public
      */
     RetrofittedByFirewallManager?: boolean | undefined;
+    /**
+     * <p>Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.</p>
+     * @public
+     */
+    OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
 }
 /**
  * @public

package/dist-types/ts3.4/models/models_0.d.ts

@@ -524,6 +524,33 @@ export interface AWSManagedRulesACFPRuleSet {
   ResponseInspection?: ResponseInspection | undefined;
   EnableRegexInPath?: boolean | undefined;
 }
+export interface Regex {
+  RegexString?: string | undefined;
+}
+export declare const SensitivityToAct: {
+  readonly HIGH: "HIGH";
+  readonly LOW: "LOW";
+  readonly MEDIUM: "MEDIUM";
+};
+export type SensitivityToAct =
+  (typeof SensitivityToAct)[keyof typeof SensitivityToAct];
+export declare const UsageOfAction: {
+  readonly DISABLED: "DISABLED";
+  readonly ENABLED: "ENABLED";
+};
+export type UsageOfAction = (typeof UsageOfAction)[keyof typeof UsageOfAction];
+export interface ClientSideAction {
+  UsageOfAction: UsageOfAction | undefined;
+  Sensitivity?: SensitivityToAct | undefined;
+  ExemptUriRegularExpressions?: Regex[] | undefined;
+}
+export interface ClientSideActionConfig {
+  Challenge: ClientSideAction | undefined;
+}
+export interface AWSManagedRulesAntiDDoSRuleSet {
+  ClientSideActionConfig: ClientSideActionConfig | undefined;
+  SensitivityToBlock?: SensitivityToAct | undefined;
+}
 export interface RequestInspection {
   PayloadType: PayloadType | undefined;
   UsernameField: UsernameField | undefined;
@@ -555,6 +582,7 @@ export interface ManagedRuleGroupConfig {
     | undefined;
   AWSManagedRulesATPRuleSet?: AWSManagedRulesATPRuleSet | undefined;
   AWSManagedRulesACFPRuleSet?: AWSManagedRulesACFPRuleSet | undefined;
+  AWSManagedRulesAntiDDoSRuleSet?: AWSManagedRulesAntiDDoSRuleSet | undefined;
 }
 export interface CustomResponse {
   ResponseCode: number | undefined;
@@ -757,6 +785,7 @@ export declare const ParameterExceptionField: {
   readonly LABEL_MATCH_STATEMENT: "LABEL_MATCH_STATEMENT";
   readonly LOGGING_FILTER: "LOGGING_FILTER";
   readonly LOG_DESTINATION: "LOG_DESTINATION";
+  readonly LOW_REPUTATION_MODE: "LOW_REPUTATION_MODE";
   readonly MANAGED_RULE_GROUP_CONFIG: "MANAGED_RULE_GROUP_CONFIG";
   readonly MANAGED_RULE_SET: "MANAGED_RULE_SET";
   readonly MANAGED_RULE_SET_STATEMENT: "MANAGED_RULE_SET_STATEMENT";
@@ -977,9 +1006,6 @@ export declare class WAFTagOperationInternalErrorException extends __BaseExcepti
     >
   );
 }
-export interface Regex {
-  RegexString?: string | undefined;
-}
 export interface CreateRegexPatternSetRequest {
   Name: string | undefined;
   Scope: Scope | undefined;
@@ -1050,6 +1076,15 @@ export interface DefaultAction {
   Block?: BlockAction | undefined;
   Allow?: AllowAction | undefined;
 }
+export declare const LowReputationMode: {
+  readonly ACTIVE_UNDER_DDOS: "ACTIVE_UNDER_DDOS";
+  readonly ALWAYS_ON: "ALWAYS_ON";
+};
+export type LowReputationMode =
+  (typeof LowReputationMode)[keyof typeof LowReputationMode];
+export interface OnSourceDDoSProtectionConfig {
+  ALBLowReputationMode: LowReputationMode | undefined;
+}
 export interface WebACLSummary {
   Name?: string | undefined;
   Id?: string | undefined;
@@ -1782,6 +1817,7 @@ export interface CreateWebACLRequest {
   ChallengeConfig?: ChallengeConfig | undefined;
   TokenDomains?: string[] | undefined;
   AssociationConfig?: AssociationConfig | undefined;
+  OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
 }
 export interface RuleGroup {
   Name: string | undefined;
@@ -1821,6 +1857,7 @@ export interface UpdateWebACLRequest {
   ChallengeConfig?: ChallengeConfig | undefined;
   TokenDomains?: string[] | undefined;
   AssociationConfig?: AssociationConfig | undefined;
+  OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
 }
 export interface GetRuleGroupResponse {
   RuleGroup?: RuleGroup | undefined;
@@ -1846,6 +1883,7 @@ export interface WebACL {
   TokenDomains?: string[] | undefined;
   AssociationConfig?: AssociationConfig | undefined;
   RetrofittedByFirewallManager?: boolean | undefined;
+  OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
 }
 export interface GetWebACLForResourceResponse {
   WebACL?: WebACL | undefined;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-wafv2",
   "description": "AWS SDK for JavaScript Wafv2 Client for Node.js, Browser and React Native",
-  "version": "3.826.0",
+  "version": "3.828.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-wafv2",
@@ -21,16 +21,16 @@
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
     "@aws-sdk/core": "3.826.0",
-    "@aws-sdk/credential-provider-node": "3.826.0",
+    "@aws-sdk/credential-provider-node": "3.828.0",
     "@aws-sdk/middleware-host-header": "3.821.0",
     "@aws-sdk/middleware-logger": "3.821.0",
     "@aws-sdk/middleware-recursion-detection": "3.821.0",
-    "@aws-sdk/middleware-user-agent": "3.826.0",
+    "@aws-sdk/middleware-user-agent": "3.828.0",
     "@aws-sdk/region-config-resolver": "3.821.0",
     "@aws-sdk/types": "3.821.0",
-    "@aws-sdk/util-endpoints": "3.821.0",
+    "@aws-sdk/util-endpoints": "3.828.0",
     "@aws-sdk/util-user-agent-browser": "3.821.0",
-    "@aws-sdk/util-user-agent-node": "3.826.0",
+    "@aws-sdk/util-user-agent-node": "3.828.0",
     "@smithy/config-resolver": "^4.1.4",
     "@smithy/core": "^3.5.3",
     "@smithy/fetch-http-handler": "^5.0.4",