npm - @jaypie/constructs - Versions diffs - 1.2.47 → 1.2.48 - Mend

@jaypie/constructs 1.2.47 → 1.2.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cjs/JaypieDistribution.d.ts +24 -0
package/dist/cjs/index.cjs +3 -1
package/dist/cjs/index.cjs.map +1 -1
package/dist/esm/JaypieDistribution.d.ts +24 -0
package/dist/esm/index.js +3 -1
package/dist/esm/index.js.map +1 -1
package/package.json +1 -1

package/dist/esm/JaypieDistribution.d.ts CHANGED Viewed

@@ -42,6 +42,30 @@ export interface JaypieWafConfig {
      * }
      */
     managedRuleOverrides?: Record<string, wafv2.CfnWebACL.RuleActionOverrideProperty[]>;
+    /**
+     * Optional scope-down statements per managed rule group. When supplied,
+     * the managed rule group only evaluates requests that match the
+     * scope-down statement. Key is the managed rule group name; value is a
+     * `CfnWebACL.StatementProperty`.
+     *
+     * @example
+     * // Only run AWSManagedRulesCommonRuleSet for non-/chat paths
+     * managedRuleScopeDowns: {
+     *   AWSManagedRulesCommonRuleSet: {
+     *     notStatement: {
+     *       statement: {
+     *         byteMatchStatement: {
+     *           fieldToMatch: { uriPath: {} },
+     *           positionalConstraint: "STARTS_WITH",
+     *           searchString: "/chat",
+     *           textTransformations: [{ priority: 0, type: "NONE" }],
+     *         },
+     *       },
+     *     },
+     *   },
+     * }
+     */
+    managedRuleScopeDowns?: Record<string, wafv2.CfnWebACL.StatementProperty>;
     /**
      * Managed rule group names to apply
      * @default ["AWSManagedRulesCommonRuleSet", "AWSManagedRulesKnownBadInputsRuleSet"]

package/dist/esm/index.js CHANGED Viewed

@@ -2619,12 +2619,13 @@ class JaypieDistribution extends Construct {
             }
             else {
                 // Create new WebACL
-                const { managedRuleOverrides, managedRules = DEFAULT_MANAGED_RULES, rateLimitPerIp = DEFAULT_RATE_LIMIT, } = wafConfig;
+                const { managedRuleOverrides, managedRuleScopeDowns, managedRules = DEFAULT_MANAGED_RULES, rateLimitPerIp = DEFAULT_RATE_LIMIT, } = wafConfig;
                 let priority = 0;
                 const rules = [];
                 // Add managed rule groups
                 for (const ruleName of managedRules) {
                     const ruleActionOverrides = managedRuleOverrides?.[ruleName];
+                    const scopeDownStatement = managedRuleScopeDowns?.[ruleName];
                     rules.push({
                         name: ruleName,
                         priority: priority++,
@@ -2634,6 +2635,7 @@ class JaypieDistribution extends Construct {
                                 name: ruleName,
                                 vendorName: "AWS",
                                 ...(ruleActionOverrides && { ruleActionOverrides }),
+                                ...(scopeDownStatement && { scopeDownStatement }),
                             },
                         },
                         visibilityConfig: {