aws-cdk-lib 2.181.1__py3-none-any.whl → 2.183.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of aws-cdk-lib might be problematic. Click here for more details.
- aws_cdk/__init__.py +751 -41
- aws_cdk/_jsii/__init__.py +1 -1
- aws_cdk/_jsii/{aws-cdk-lib@2.181.1.jsii.tgz → aws-cdk-lib@2.183.0.jsii.tgz} +0 -0
- aws_cdk/assertions/__init__.py +59 -0
- aws_cdk/aws_apigateway/__init__.py +122 -66
- aws_cdk/aws_applicationautoscaling/__init__.py +4 -0
- aws_cdk/aws_appsync/__init__.py +30 -4
- aws_cdk/aws_autoscaling/__init__.py +409 -36
- aws_cdk/aws_batch/__init__.py +638 -14
- aws_cdk/aws_bedrock/__init__.py +6009 -2326
- aws_cdk/aws_ce/__init__.py +141 -3
- aws_cdk/aws_certificatemanager/__init__.py +24 -0
- aws_cdk/aws_cloudformation/__init__.py +310 -35
- aws_cdk/aws_cloudfront/__init__.py +1 -0
- aws_cdk/aws_cloudtrail/__init__.py +8 -8
- aws_cdk/aws_codebuild/__init__.py +4 -10
- aws_cdk/aws_cognito/__init__.py +3 -3
- aws_cdk/aws_datazone/__init__.py +82 -0
- aws_cdk/aws_dms/__init__.py +350 -0
- aws_cdk/aws_ec2/__init__.py +95 -17
- aws_cdk/aws_ecr/__init__.py +10 -4
- aws_cdk/aws_ecs/__init__.py +58 -9
- aws_cdk/aws_eks/__init__.py +32 -3
- aws_cdk/aws_elasticache/__init__.py +3 -3
- aws_cdk/aws_emr/__init__.py +9 -3
- aws_cdk/aws_fsx/__init__.py +2 -0
- aws_cdk/aws_gameliftstreams/__init__.py +1205 -0
- aws_cdk/aws_guardduty/__init__.py +38 -26
- aws_cdk/aws_iam/__init__.py +295 -37
- aws_cdk/aws_inspector/__init__.py +180 -1
- aws_cdk/aws_iot/__init__.py +616 -22
- aws_cdk/aws_iotfleetwise/__init__.py +72 -10
- aws_cdk/aws_iotsitewise/__init__.py +14 -11
- aws_cdk/aws_kafkaconnect/__init__.py +4 -2
- aws_cdk/aws_kinesisfirehose/__init__.py +6 -0
- aws_cdk/aws_lambda/__init__.py +17 -0
- aws_cdk/aws_logs/__init__.py +135 -0
- aws_cdk/aws_medialive/__init__.py +86 -86
- aws_cdk/aws_mediapackagev2/__init__.py +22 -14
- aws_cdk/aws_msk/__init__.py +236 -128
- aws_cdk/aws_neptunegraph/__init__.py +3 -3
- aws_cdk/aws_opensearchserverless/__init__.py +1031 -0
- aws_cdk/aws_opensearchservice/__init__.py +261 -1
- aws_cdk/aws_pcaconnectorad/__init__.py +30 -4
- aws_cdk/aws_pipes/__init__.py +6 -2
- aws_cdk/aws_quicksight/__init__.py +6712 -20758
- aws_cdk/aws_rds/__init__.py +174 -30
- aws_cdk/aws_redshift/__init__.py +8 -8
- aws_cdk/aws_s3/__init__.py +8 -0
- aws_cdk/aws_sagemaker/__init__.py +80 -18
- aws_cdk/aws_securitylake/__init__.py +3 -0
- aws_cdk/aws_sns/__init__.py +76 -1
- aws_cdk/aws_synthetics/__init__.py +2 -0
- aws_cdk/aws_transfer/__init__.py +241 -40
- aws_cdk/aws_vpclattice/__init__.py +144 -9
- aws_cdk/aws_wafv2/__init__.py +790 -0
- aws_cdk/aws_wisdom/__init__.py +3 -110
- aws_cdk/aws_workspacesthinclient/__init__.py +4 -4
- aws_cdk/aws_workspacesweb/__init__.py +179 -2
- aws_cdk/aws_xray/__init__.py +195 -0
- aws_cdk/cloud_assembly_schema/__init__.py +224 -4
- aws_cdk/custom_resources/__init__.py +65 -8
- aws_cdk/cx_api/__init__.py +2 -1
- {aws_cdk_lib-2.181.1.dist-info → aws_cdk_lib-2.183.0.dist-info}/METADATA +2 -2
- {aws_cdk_lib-2.181.1.dist-info → aws_cdk_lib-2.183.0.dist-info}/RECORD +69 -68
- {aws_cdk_lib-2.181.1.dist-info → aws_cdk_lib-2.183.0.dist-info}/LICENSE +0 -0
- {aws_cdk_lib-2.181.1.dist-info → aws_cdk_lib-2.183.0.dist-info}/NOTICE +0 -0
- {aws_cdk_lib-2.181.1.dist-info → aws_cdk_lib-2.183.0.dist-info}/WHEEL +0 -0
- {aws_cdk_lib-2.181.1.dist-info → aws_cdk_lib-2.183.0.dist-info}/top_level.txt +0 -0
aws_cdk/aws_wafv2/__init__.py
CHANGED
|
@@ -1987,6 +1987,9 @@ class CfnRuleGroup(
|
|
|
1987
1987
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
1988
1988
|
fallback_behavior="fallbackBehavior"
|
|
1989
1989
|
),
|
|
1990
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
1991
|
+
fallback_behavior="fallbackBehavior"
|
|
1992
|
+
),
|
|
1990
1993
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
1991
1994
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
1992
1995
|
all=all,
|
|
@@ -2064,6 +2067,12 @@ class CfnRuleGroup(
|
|
|
2064
2067
|
),
|
|
2065
2068
|
http_method=http_method,
|
|
2066
2069
|
ip=ip,
|
|
2070
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
2071
|
+
fallback_behavior="fallbackBehavior"
|
|
2072
|
+
),
|
|
2073
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
2074
|
+
fallback_behavior="fallbackBehavior"
|
|
2075
|
+
),
|
|
2067
2076
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
2068
2077
|
namespace="namespace"
|
|
2069
2078
|
),
|
|
@@ -2121,6 +2130,9 @@ class CfnRuleGroup(
|
|
|
2121
2130
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2122
2131
|
fallback_behavior="fallbackBehavior"
|
|
2123
2132
|
),
|
|
2133
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2134
|
+
fallback_behavior="fallbackBehavior"
|
|
2135
|
+
),
|
|
2124
2136
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2125
2137
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2126
2138
|
all=all,
|
|
@@ -2172,6 +2184,9 @@ class CfnRuleGroup(
|
|
|
2172
2184
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2173
2185
|
fallback_behavior="fallbackBehavior"
|
|
2174
2186
|
),
|
|
2187
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2188
|
+
fallback_behavior="fallbackBehavior"
|
|
2189
|
+
),
|
|
2175
2190
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2176
2191
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2177
2192
|
all=all,
|
|
@@ -2222,6 +2237,9 @@ class CfnRuleGroup(
|
|
|
2222
2237
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2223
2238
|
fallback_behavior="fallbackBehavior"
|
|
2224
2239
|
),
|
|
2240
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2241
|
+
fallback_behavior="fallbackBehavior"
|
|
2242
|
+
),
|
|
2225
2243
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2226
2244
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2227
2245
|
all=all,
|
|
@@ -2272,6 +2290,9 @@ class CfnRuleGroup(
|
|
|
2272
2290
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2273
2291
|
fallback_behavior="fallbackBehavior"
|
|
2274
2292
|
),
|
|
2293
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2294
|
+
fallback_behavior="fallbackBehavior"
|
|
2295
|
+
),
|
|
2275
2296
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2276
2297
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2277
2298
|
all=all,
|
|
@@ -2324,6 +2345,9 @@ class CfnRuleGroup(
|
|
|
2324
2345
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2325
2346
|
fallback_behavior="fallbackBehavior"
|
|
2326
2347
|
),
|
|
2348
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2349
|
+
fallback_behavior="fallbackBehavior"
|
|
2350
|
+
),
|
|
2327
2351
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2328
2352
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2329
2353
|
all=all,
|
|
@@ -2791,6 +2815,9 @@ class CfnRuleGroup(
|
|
|
2791
2815
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2792
2816
|
fallback_behavior="fallbackBehavior"
|
|
2793
2817
|
),
|
|
2818
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2819
|
+
fallback_behavior="fallbackBehavior"
|
|
2820
|
+
),
|
|
2794
2821
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2795
2822
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2796
2823
|
all=all,
|
|
@@ -2868,6 +2895,12 @@ class CfnRuleGroup(
|
|
|
2868
2895
|
),
|
|
2869
2896
|
http_method=http_method,
|
|
2870
2897
|
ip=ip,
|
|
2898
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
2899
|
+
fallback_behavior="fallbackBehavior"
|
|
2900
|
+
),
|
|
2901
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
2902
|
+
fallback_behavior="fallbackBehavior"
|
|
2903
|
+
),
|
|
2871
2904
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
2872
2905
|
namespace="namespace"
|
|
2873
2906
|
),
|
|
@@ -2925,6 +2958,9 @@ class CfnRuleGroup(
|
|
|
2925
2958
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2926
2959
|
fallback_behavior="fallbackBehavior"
|
|
2927
2960
|
),
|
|
2961
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
2962
|
+
fallback_behavior="fallbackBehavior"
|
|
2963
|
+
),
|
|
2928
2964
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2929
2965
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2930
2966
|
all=all,
|
|
@@ -2976,6 +3012,9 @@ class CfnRuleGroup(
|
|
|
2976
3012
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
2977
3013
|
fallback_behavior="fallbackBehavior"
|
|
2978
3014
|
),
|
|
3015
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
3016
|
+
fallback_behavior="fallbackBehavior"
|
|
3017
|
+
),
|
|
2979
3018
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
2980
3019
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
2981
3020
|
all=all,
|
|
@@ -3026,6 +3065,9 @@ class CfnRuleGroup(
|
|
|
3026
3065
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
3027
3066
|
fallback_behavior="fallbackBehavior"
|
|
3028
3067
|
),
|
|
3068
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
3069
|
+
fallback_behavior="fallbackBehavior"
|
|
3070
|
+
),
|
|
3029
3071
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
3030
3072
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
3031
3073
|
all=all,
|
|
@@ -3076,6 +3118,9 @@ class CfnRuleGroup(
|
|
|
3076
3118
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
3077
3119
|
fallback_behavior="fallbackBehavior"
|
|
3078
3120
|
),
|
|
3121
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
3122
|
+
fallback_behavior="fallbackBehavior"
|
|
3123
|
+
),
|
|
3079
3124
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
3080
3125
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
3081
3126
|
all=all,
|
|
@@ -3128,6 +3173,9 @@ class CfnRuleGroup(
|
|
|
3128
3173
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
3129
3174
|
fallback_behavior="fallbackBehavior"
|
|
3130
3175
|
),
|
|
3176
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
3177
|
+
fallback_behavior="fallbackBehavior"
|
|
3178
|
+
),
|
|
3131
3179
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
3132
3180
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
3133
3181
|
all=all,
|
|
@@ -3398,6 +3446,9 @@ class CfnRuleGroup(
|
|
|
3398
3446
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
3399
3447
|
fallback_behavior="fallbackBehavior"
|
|
3400
3448
|
),
|
|
3449
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
3450
|
+
fallback_behavior="fallbackBehavior"
|
|
3451
|
+
),
|
|
3401
3452
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
3402
3453
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
3403
3454
|
all=all,
|
|
@@ -4400,6 +4451,7 @@ class CfnRuleGroup(
|
|
|
4400
4451
|
"cookies": "cookies",
|
|
4401
4452
|
"headers": "headers",
|
|
4402
4453
|
"ja3_fingerprint": "ja3Fingerprint",
|
|
4454
|
+
"ja4_fingerprint": "ja4Fingerprint",
|
|
4403
4455
|
"json_body": "jsonBody",
|
|
4404
4456
|
"method": "method",
|
|
4405
4457
|
"query_string": "queryString",
|
|
@@ -4417,6 +4469,7 @@ class CfnRuleGroup(
|
|
|
4417
4469
|
cookies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.CookiesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
4418
4470
|
headers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.HeadersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
4419
4471
|
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.JA3FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
4472
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.JA4FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
4420
4473
|
json_body: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.JsonBodyProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
4421
4474
|
method: typing.Any = None,
|
|
4422
4475
|
query_string: typing.Any = None,
|
|
@@ -4446,6 +4499,7 @@ class CfnRuleGroup(
|
|
|
4446
4499
|
:param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
|
|
4447
4500
|
:param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
|
|
4448
4501
|
:param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
4502
|
+
:param ja4_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
4449
4503
|
:param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
|
|
4450
4504
|
:param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
|
|
4451
4505
|
:param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
|
|
@@ -4496,6 +4550,9 @@ class CfnRuleGroup(
|
|
|
4496
4550
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
4497
4551
|
fallback_behavior="fallbackBehavior"
|
|
4498
4552
|
),
|
|
4553
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
4554
|
+
fallback_behavior="fallbackBehavior"
|
|
4555
|
+
),
|
|
4499
4556
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
4500
4557
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
4501
4558
|
all=all,
|
|
@@ -4521,6 +4578,7 @@ class CfnRuleGroup(
|
|
|
4521
4578
|
check_type(argname="argument cookies", value=cookies, expected_type=type_hints["cookies"])
|
|
4522
4579
|
check_type(argname="argument headers", value=headers, expected_type=type_hints["headers"])
|
|
4523
4580
|
check_type(argname="argument ja3_fingerprint", value=ja3_fingerprint, expected_type=type_hints["ja3_fingerprint"])
|
|
4581
|
+
check_type(argname="argument ja4_fingerprint", value=ja4_fingerprint, expected_type=type_hints["ja4_fingerprint"])
|
|
4524
4582
|
check_type(argname="argument json_body", value=json_body, expected_type=type_hints["json_body"])
|
|
4525
4583
|
check_type(argname="argument method", value=method, expected_type=type_hints["method"])
|
|
4526
4584
|
check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
|
|
@@ -4538,6 +4596,8 @@ class CfnRuleGroup(
|
|
|
4538
4596
|
self._values["headers"] = headers
|
|
4539
4597
|
if ja3_fingerprint is not None:
|
|
4540
4598
|
self._values["ja3_fingerprint"] = ja3_fingerprint
|
|
4599
|
+
if ja4_fingerprint is not None:
|
|
4600
|
+
self._values["ja4_fingerprint"] = ja4_fingerprint
|
|
4541
4601
|
if json_body is not None:
|
|
4542
4602
|
self._values["json_body"] = json_body
|
|
4543
4603
|
if method is not None:
|
|
@@ -4630,6 +4690,26 @@ class CfnRuleGroup(
|
|
|
4630
4690
|
result = self._values.get("ja3_fingerprint")
|
|
4631
4691
|
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.JA3FingerprintProperty"]], result)
|
|
4632
4692
|
|
|
4693
|
+
@builtins.property
|
|
4694
|
+
def ja4_fingerprint(
|
|
4695
|
+
self,
|
|
4696
|
+
) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.JA4FingerprintProperty"]]:
|
|
4697
|
+
'''Available for use with Amazon CloudFront distributions and Application Load Balancers.
|
|
4698
|
+
|
|
4699
|
+
Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
|
|
4700
|
+
.. epigraph::
|
|
4701
|
+
|
|
4702
|
+
You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
|
|
4703
|
+
|
|
4704
|
+
You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
|
|
4705
|
+
|
|
4706
|
+
Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
4707
|
+
|
|
4708
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html#cfn-wafv2-rulegroup-fieldtomatch-ja4fingerprint
|
|
4709
|
+
'''
|
|
4710
|
+
result = self._values.get("ja4_fingerprint")
|
|
4711
|
+
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.JA4FingerprintProperty"]], result)
|
|
4712
|
+
|
|
4633
4713
|
@builtins.property
|
|
4634
4714
|
def json_body(
|
|
4635
4715
|
self,
|
|
@@ -5468,6 +5548,72 @@ class CfnRuleGroup(
|
|
|
5468
5548
|
k + "=" + repr(v) for k, v in self._values.items()
|
|
5469
5549
|
)
|
|
5470
5550
|
|
|
5551
|
+
@jsii.data_type(
|
|
5552
|
+
jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.JA4FingerprintProperty",
|
|
5553
|
+
jsii_struct_bases=[],
|
|
5554
|
+
name_mapping={"fallback_behavior": "fallbackBehavior"},
|
|
5555
|
+
)
|
|
5556
|
+
class JA4FingerprintProperty:
|
|
5557
|
+
def __init__(self, *, fallback_behavior: builtins.str) -> None:
|
|
5558
|
+
'''Available for use with Amazon CloudFront distributions and Application Load Balancers.
|
|
5559
|
+
|
|
5560
|
+
Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
|
|
5561
|
+
.. epigraph::
|
|
5562
|
+
|
|
5563
|
+
You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
|
|
5564
|
+
|
|
5565
|
+
You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
|
|
5566
|
+
|
|
5567
|
+
Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
5568
|
+
|
|
5569
|
+
:param fallback_behavior: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
5570
|
+
|
|
5571
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ja4fingerprint.html
|
|
5572
|
+
:exampleMetadata: fixture=_generated
|
|
5573
|
+
|
|
5574
|
+
Example::
|
|
5575
|
+
|
|
5576
|
+
# The code below shows an example of how to instantiate this type.
|
|
5577
|
+
# The values are placeholders you should change.
|
|
5578
|
+
from aws_cdk import aws_wafv2 as wafv2
|
|
5579
|
+
|
|
5580
|
+
j_a4_fingerprint_property = wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
5581
|
+
fallback_behavior="fallbackBehavior"
|
|
5582
|
+
)
|
|
5583
|
+
'''
|
|
5584
|
+
if __debug__:
|
|
5585
|
+
type_hints = typing.get_type_hints(_typecheckingstub__98d25072bace816c3ee0005576dfb4321dc85cb549d85f10845ec1379f11441b)
|
|
5586
|
+
check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
|
|
5587
|
+
self._values: typing.Dict[builtins.str, typing.Any] = {
|
|
5588
|
+
"fallback_behavior": fallback_behavior,
|
|
5589
|
+
}
|
|
5590
|
+
|
|
5591
|
+
@builtins.property
|
|
5592
|
+
def fallback_behavior(self) -> builtins.str:
|
|
5593
|
+
'''The match status to assign to the web request if the request doesn't have a JA4 fingerprint.
|
|
5594
|
+
|
|
5595
|
+
You can specify the following fallback behaviors:
|
|
5596
|
+
|
|
5597
|
+
- ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
|
|
5598
|
+
- ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
5599
|
+
|
|
5600
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ja4fingerprint.html#cfn-wafv2-rulegroup-ja4fingerprint-fallbackbehavior
|
|
5601
|
+
'''
|
|
5602
|
+
result = self._values.get("fallback_behavior")
|
|
5603
|
+
assert result is not None, "Required property 'fallback_behavior' is missing"
|
|
5604
|
+
return typing.cast(builtins.str, result)
|
|
5605
|
+
|
|
5606
|
+
def __eq__(self, rhs: typing.Any) -> builtins.bool:
|
|
5607
|
+
return isinstance(rhs, self.__class__) and rhs._values == self._values
|
|
5608
|
+
|
|
5609
|
+
def __ne__(self, rhs: typing.Any) -> builtins.bool:
|
|
5610
|
+
return not (rhs == self)
|
|
5611
|
+
|
|
5612
|
+
def __repr__(self) -> str:
|
|
5613
|
+
return "JA4FingerprintProperty(%s)" % ", ".join(
|
|
5614
|
+
k + "=" + repr(v) for k, v in self._values.items()
|
|
5615
|
+
)
|
|
5616
|
+
|
|
5471
5617
|
@jsii.data_type(
|
|
5472
5618
|
jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.JsonBodyProperty",
|
|
5473
5619
|
jsii_struct_bases=[],
|
|
@@ -5958,6 +6104,9 @@ class CfnRuleGroup(
|
|
|
5958
6104
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
5959
6105
|
fallback_behavior="fallbackBehavior"
|
|
5960
6106
|
),
|
|
6107
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6108
|
+
fallback_behavior="fallbackBehavior"
|
|
6109
|
+
),
|
|
5961
6110
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
5962
6111
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
5963
6112
|
all=all,
|
|
@@ -6033,6 +6182,12 @@ class CfnRuleGroup(
|
|
|
6033
6182
|
),
|
|
6034
6183
|
http_method=http_method,
|
|
6035
6184
|
ip=ip,
|
|
6185
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
6186
|
+
fallback_behavior="fallbackBehavior"
|
|
6187
|
+
),
|
|
6188
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
6189
|
+
fallback_behavior="fallbackBehavior"
|
|
6190
|
+
),
|
|
6036
6191
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
6037
6192
|
namespace="namespace"
|
|
6038
6193
|
),
|
|
@@ -6090,6 +6245,9 @@ class CfnRuleGroup(
|
|
|
6090
6245
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6091
6246
|
fallback_behavior="fallbackBehavior"
|
|
6092
6247
|
),
|
|
6248
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6249
|
+
fallback_behavior="fallbackBehavior"
|
|
6250
|
+
),
|
|
6093
6251
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6094
6252
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6095
6253
|
all=all,
|
|
@@ -6141,6 +6299,9 @@ class CfnRuleGroup(
|
|
|
6141
6299
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6142
6300
|
fallback_behavior="fallbackBehavior"
|
|
6143
6301
|
),
|
|
6302
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6303
|
+
fallback_behavior="fallbackBehavior"
|
|
6304
|
+
),
|
|
6144
6305
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6145
6306
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6146
6307
|
all=all,
|
|
@@ -6191,6 +6352,9 @@ class CfnRuleGroup(
|
|
|
6191
6352
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6192
6353
|
fallback_behavior="fallbackBehavior"
|
|
6193
6354
|
),
|
|
6355
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6356
|
+
fallback_behavior="fallbackBehavior"
|
|
6357
|
+
),
|
|
6194
6358
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6195
6359
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6196
6360
|
all=all,
|
|
@@ -6241,6 +6405,9 @@ class CfnRuleGroup(
|
|
|
6241
6405
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6242
6406
|
fallback_behavior="fallbackBehavior"
|
|
6243
6407
|
),
|
|
6408
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6409
|
+
fallback_behavior="fallbackBehavior"
|
|
6410
|
+
),
|
|
6244
6411
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6245
6412
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6246
6413
|
all=all,
|
|
@@ -6293,6 +6460,9 @@ class CfnRuleGroup(
|
|
|
6293
6460
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6294
6461
|
fallback_behavior="fallbackBehavior"
|
|
6295
6462
|
),
|
|
6463
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6464
|
+
fallback_behavior="fallbackBehavior"
|
|
6465
|
+
),
|
|
6296
6466
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6297
6467
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6298
6468
|
all=all,
|
|
@@ -6421,6 +6591,9 @@ class CfnRuleGroup(
|
|
|
6421
6591
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6422
6592
|
fallback_behavior="fallbackBehavior"
|
|
6423
6593
|
),
|
|
6594
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6595
|
+
fallback_behavior="fallbackBehavior"
|
|
6596
|
+
),
|
|
6424
6597
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6425
6598
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6426
6599
|
all=all,
|
|
@@ -6496,6 +6669,12 @@ class CfnRuleGroup(
|
|
|
6496
6669
|
),
|
|
6497
6670
|
http_method=http_method,
|
|
6498
6671
|
ip=ip,
|
|
6672
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
6673
|
+
fallback_behavior="fallbackBehavior"
|
|
6674
|
+
),
|
|
6675
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
6676
|
+
fallback_behavior="fallbackBehavior"
|
|
6677
|
+
),
|
|
6499
6678
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
6500
6679
|
namespace="namespace"
|
|
6501
6680
|
),
|
|
@@ -6553,6 +6732,9 @@ class CfnRuleGroup(
|
|
|
6553
6732
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6554
6733
|
fallback_behavior="fallbackBehavior"
|
|
6555
6734
|
),
|
|
6735
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6736
|
+
fallback_behavior="fallbackBehavior"
|
|
6737
|
+
),
|
|
6556
6738
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6557
6739
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6558
6740
|
all=all,
|
|
@@ -6604,6 +6786,9 @@ class CfnRuleGroup(
|
|
|
6604
6786
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6605
6787
|
fallback_behavior="fallbackBehavior"
|
|
6606
6788
|
),
|
|
6789
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6790
|
+
fallback_behavior="fallbackBehavior"
|
|
6791
|
+
),
|
|
6607
6792
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6608
6793
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6609
6794
|
all=all,
|
|
@@ -6654,6 +6839,9 @@ class CfnRuleGroup(
|
|
|
6654
6839
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6655
6840
|
fallback_behavior="fallbackBehavior"
|
|
6656
6841
|
),
|
|
6842
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6843
|
+
fallback_behavior="fallbackBehavior"
|
|
6844
|
+
),
|
|
6657
6845
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6658
6846
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6659
6847
|
all=all,
|
|
@@ -6704,6 +6892,9 @@ class CfnRuleGroup(
|
|
|
6704
6892
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6705
6893
|
fallback_behavior="fallbackBehavior"
|
|
6706
6894
|
),
|
|
6895
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6896
|
+
fallback_behavior="fallbackBehavior"
|
|
6897
|
+
),
|
|
6707
6898
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6708
6899
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6709
6900
|
all=all,
|
|
@@ -6756,6 +6947,9 @@ class CfnRuleGroup(
|
|
|
6756
6947
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
6757
6948
|
fallback_behavior="fallbackBehavior"
|
|
6758
6949
|
),
|
|
6950
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
6951
|
+
fallback_behavior="fallbackBehavior"
|
|
6952
|
+
),
|
|
6759
6953
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
6760
6954
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
6761
6955
|
all=all,
|
|
@@ -6822,6 +7016,8 @@ class CfnRuleGroup(
|
|
|
6822
7016
|
"header": "header",
|
|
6823
7017
|
"http_method": "httpMethod",
|
|
6824
7018
|
"ip": "ip",
|
|
7019
|
+
"ja3_fingerprint": "ja3Fingerprint",
|
|
7020
|
+
"ja4_fingerprint": "ja4Fingerprint",
|
|
6825
7021
|
"label_namespace": "labelNamespace",
|
|
6826
7022
|
"query_argument": "queryArgument",
|
|
6827
7023
|
"query_string": "queryString",
|
|
@@ -6837,6 +7033,8 @@ class CfnRuleGroup(
|
|
|
6837
7033
|
header: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.RateLimitHeaderProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
6838
7034
|
http_method: typing.Any = None,
|
|
6839
7035
|
ip: typing.Any = None,
|
|
7036
|
+
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.RateLimitJA3FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
7037
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.RateLimitJA4FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
6840
7038
|
label_namespace: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.RateLimitLabelNamespaceProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
6841
7039
|
query_argument: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.RateLimitQueryArgumentProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
6842
7040
|
query_string: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.RateLimitQueryStringProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
@@ -6853,6 +7051,8 @@ class CfnRuleGroup(
|
|
|
6853
7051
|
:param header: Use the value of a header in the request as an aggregate key. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
|
|
6854
7052
|
:param http_method: Use the request's HTTP method as an aggregate key. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.
|
|
6855
7053
|
:param ip: Use the request's originating IP address as an aggregate key. Each distinct IP address contributes to the aggregation instance. When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the IP address by specifying ``IP`` in your rate-based statement's ``AggregateKeyType`` .
|
|
7054
|
+
:param ja3_fingerprint: Use the request's JA3 fingerprint as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
7055
|
+
:param ja4_fingerprint: Use the request's JA4 fingerprint as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
6856
7056
|
:param label_namespace: Use the specified label namespace as an aggregate key. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance. This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL. For information about label namespaces and names, see `Label syntax and naming requirements <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html>`_ in the *AWS WAF Developer Guide* .
|
|
6857
7057
|
:param query_argument: Use the specified query argument as an aggregate key. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
|
|
6858
7058
|
:param query_string: Use the request's query string as an aggregate key. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
|
|
@@ -6889,6 +7089,12 @@ class CfnRuleGroup(
|
|
|
6889
7089
|
),
|
|
6890
7090
|
http_method=http_method,
|
|
6891
7091
|
ip=ip,
|
|
7092
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
7093
|
+
fallback_behavior="fallbackBehavior"
|
|
7094
|
+
),
|
|
7095
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
7096
|
+
fallback_behavior="fallbackBehavior"
|
|
7097
|
+
),
|
|
6892
7098
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
6893
7099
|
namespace="namespace"
|
|
6894
7100
|
),
|
|
@@ -6920,6 +7126,8 @@ class CfnRuleGroup(
|
|
|
6920
7126
|
check_type(argname="argument header", value=header, expected_type=type_hints["header"])
|
|
6921
7127
|
check_type(argname="argument http_method", value=http_method, expected_type=type_hints["http_method"])
|
|
6922
7128
|
check_type(argname="argument ip", value=ip, expected_type=type_hints["ip"])
|
|
7129
|
+
check_type(argname="argument ja3_fingerprint", value=ja3_fingerprint, expected_type=type_hints["ja3_fingerprint"])
|
|
7130
|
+
check_type(argname="argument ja4_fingerprint", value=ja4_fingerprint, expected_type=type_hints["ja4_fingerprint"])
|
|
6923
7131
|
check_type(argname="argument label_namespace", value=label_namespace, expected_type=type_hints["label_namespace"])
|
|
6924
7132
|
check_type(argname="argument query_argument", value=query_argument, expected_type=type_hints["query_argument"])
|
|
6925
7133
|
check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
|
|
@@ -6935,6 +7143,10 @@ class CfnRuleGroup(
|
|
|
6935
7143
|
self._values["http_method"] = http_method
|
|
6936
7144
|
if ip is not None:
|
|
6937
7145
|
self._values["ip"] = ip
|
|
7146
|
+
if ja3_fingerprint is not None:
|
|
7147
|
+
self._values["ja3_fingerprint"] = ja3_fingerprint
|
|
7148
|
+
if ja4_fingerprint is not None:
|
|
7149
|
+
self._values["ja4_fingerprint"] = ja4_fingerprint
|
|
6938
7150
|
if label_namespace is not None:
|
|
6939
7151
|
self._values["label_namespace"] = label_namespace
|
|
6940
7152
|
if query_argument is not None:
|
|
@@ -7007,6 +7219,32 @@ class CfnRuleGroup(
|
|
|
7007
7219
|
result = self._values.get("ip")
|
|
7008
7220
|
return typing.cast(typing.Any, result)
|
|
7009
7221
|
|
|
7222
|
+
@builtins.property
|
|
7223
|
+
def ja3_fingerprint(
|
|
7224
|
+
self,
|
|
7225
|
+
) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RateLimitJA3FingerprintProperty"]]:
|
|
7226
|
+
'''Use the request's JA3 fingerprint as an aggregate key.
|
|
7227
|
+
|
|
7228
|
+
If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
7229
|
+
|
|
7230
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratebasedstatementcustomkey.html#cfn-wafv2-rulegroup-ratebasedstatementcustomkey-ja3fingerprint
|
|
7231
|
+
'''
|
|
7232
|
+
result = self._values.get("ja3_fingerprint")
|
|
7233
|
+
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RateLimitJA3FingerprintProperty"]], result)
|
|
7234
|
+
|
|
7235
|
+
@builtins.property
|
|
7236
|
+
def ja4_fingerprint(
|
|
7237
|
+
self,
|
|
7238
|
+
) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RateLimitJA4FingerprintProperty"]]:
|
|
7239
|
+
'''Use the request's JA4 fingerprint as an aggregate key.
|
|
7240
|
+
|
|
7241
|
+
If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
7242
|
+
|
|
7243
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratebasedstatementcustomkey.html#cfn-wafv2-rulegroup-ratebasedstatementcustomkey-ja4fingerprint
|
|
7244
|
+
'''
|
|
7245
|
+
result = self._values.get("ja4_fingerprint")
|
|
7246
|
+
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RateLimitJA4FingerprintProperty"]], result)
|
|
7247
|
+
|
|
7010
7248
|
@builtins.property
|
|
7011
7249
|
def label_namespace(
|
|
7012
7250
|
self,
|
|
@@ -7192,6 +7430,12 @@ class CfnRuleGroup(
|
|
|
7192
7430
|
),
|
|
7193
7431
|
http_method=http_method,
|
|
7194
7432
|
ip=ip,
|
|
7433
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
7434
|
+
fallback_behavior="fallbackBehavior"
|
|
7435
|
+
),
|
|
7436
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
7437
|
+
fallback_behavior="fallbackBehavior"
|
|
7438
|
+
),
|
|
7195
7439
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
7196
7440
|
namespace="namespace"
|
|
7197
7441
|
),
|
|
@@ -7251,6 +7495,9 @@ class CfnRuleGroup(
|
|
|
7251
7495
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
7252
7496
|
fallback_behavior="fallbackBehavior"
|
|
7253
7497
|
),
|
|
7498
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
7499
|
+
fallback_behavior="fallbackBehavior"
|
|
7500
|
+
),
|
|
7254
7501
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
7255
7502
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
7256
7503
|
all=all,
|
|
@@ -7333,6 +7580,9 @@ class CfnRuleGroup(
|
|
|
7333
7580
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
7334
7581
|
fallback_behavior="fallbackBehavior"
|
|
7335
7582
|
),
|
|
7583
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
7584
|
+
fallback_behavior="fallbackBehavior"
|
|
7585
|
+
),
|
|
7336
7586
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
7337
7587
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
7338
7588
|
all=all,
|
|
@@ -7384,6 +7634,9 @@ class CfnRuleGroup(
|
|
|
7384
7634
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
7385
7635
|
fallback_behavior="fallbackBehavior"
|
|
7386
7636
|
),
|
|
7637
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
7638
|
+
fallback_behavior="fallbackBehavior"
|
|
7639
|
+
),
|
|
7387
7640
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
7388
7641
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
7389
7642
|
all=all,
|
|
@@ -7434,6 +7687,9 @@ class CfnRuleGroup(
|
|
|
7434
7687
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
7435
7688
|
fallback_behavior="fallbackBehavior"
|
|
7436
7689
|
),
|
|
7690
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
7691
|
+
fallback_behavior="fallbackBehavior"
|
|
7692
|
+
),
|
|
7437
7693
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
7438
7694
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
7439
7695
|
all=all,
|
|
@@ -7484,6 +7740,9 @@ class CfnRuleGroup(
|
|
|
7484
7740
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
7485
7741
|
fallback_behavior="fallbackBehavior"
|
|
7486
7742
|
),
|
|
7743
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
7744
|
+
fallback_behavior="fallbackBehavior"
|
|
7745
|
+
),
|
|
7487
7746
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
7488
7747
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
7489
7748
|
all=all,
|
|
@@ -7536,6 +7795,9 @@ class CfnRuleGroup(
|
|
|
7536
7795
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
7537
7796
|
fallback_behavior="fallbackBehavior"
|
|
7538
7797
|
),
|
|
7798
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
7799
|
+
fallback_behavior="fallbackBehavior"
|
|
7800
|
+
),
|
|
7539
7801
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
7540
7802
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
7541
7803
|
all=all,
|
|
@@ -7861,6 +8123,124 @@ class CfnRuleGroup(
|
|
|
7861
8123
|
k + "=" + repr(v) for k, v in self._values.items()
|
|
7862
8124
|
)
|
|
7863
8125
|
|
|
8126
|
+
@jsii.data_type(
|
|
8127
|
+
jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty",
|
|
8128
|
+
jsii_struct_bases=[],
|
|
8129
|
+
name_mapping={"fallback_behavior": "fallbackBehavior"},
|
|
8130
|
+
)
|
|
8131
|
+
class RateLimitJA3FingerprintProperty:
|
|
8132
|
+
def __init__(self, *, fallback_behavior: builtins.str) -> None:
|
|
8133
|
+
'''Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
|
|
8134
|
+
|
|
8135
|
+
If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
8136
|
+
|
|
8137
|
+
:param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
8138
|
+
|
|
8139
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.html
|
|
8140
|
+
:exampleMetadata: fixture=_generated
|
|
8141
|
+
|
|
8142
|
+
Example::
|
|
8143
|
+
|
|
8144
|
+
# The code below shows an example of how to instantiate this type.
|
|
8145
|
+
# The values are placeholders you should change.
|
|
8146
|
+
from aws_cdk import aws_wafv2 as wafv2
|
|
8147
|
+
|
|
8148
|
+
rate_limit_jA3_fingerprint_property = wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
8149
|
+
fallback_behavior="fallbackBehavior"
|
|
8150
|
+
)
|
|
8151
|
+
'''
|
|
8152
|
+
if __debug__:
|
|
8153
|
+
type_hints = typing.get_type_hints(_typecheckingstub__01cbbd4025c041374160f1ace2284204fed871076ebb05f8dbb9425055cf3060)
|
|
8154
|
+
check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
|
|
8155
|
+
self._values: typing.Dict[builtins.str, typing.Any] = {
|
|
8156
|
+
"fallback_behavior": fallback_behavior,
|
|
8157
|
+
}
|
|
8158
|
+
|
|
8159
|
+
@builtins.property
|
|
8160
|
+
def fallback_behavior(self) -> builtins.str:
|
|
8161
|
+
'''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.
|
|
8162
|
+
|
|
8163
|
+
You can specify the following fallback behaviors:
|
|
8164
|
+
|
|
8165
|
+
- ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
|
|
8166
|
+
- ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
8167
|
+
|
|
8168
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.html#cfn-wafv2-rulegroup-ratelimitja3fingerprint-fallbackbehavior
|
|
8169
|
+
'''
|
|
8170
|
+
result = self._values.get("fallback_behavior")
|
|
8171
|
+
assert result is not None, "Required property 'fallback_behavior' is missing"
|
|
8172
|
+
return typing.cast(builtins.str, result)
|
|
8173
|
+
|
|
8174
|
+
def __eq__(self, rhs: typing.Any) -> builtins.bool:
|
|
8175
|
+
return isinstance(rhs, self.__class__) and rhs._values == self._values
|
|
8176
|
+
|
|
8177
|
+
def __ne__(self, rhs: typing.Any) -> builtins.bool:
|
|
8178
|
+
return not (rhs == self)
|
|
8179
|
+
|
|
8180
|
+
def __repr__(self) -> str:
|
|
8181
|
+
return "RateLimitJA3FingerprintProperty(%s)" % ", ".join(
|
|
8182
|
+
k + "=" + repr(v) for k, v in self._values.items()
|
|
8183
|
+
)
|
|
8184
|
+
|
|
8185
|
+
@jsii.data_type(
|
|
8186
|
+
jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty",
|
|
8187
|
+
jsii_struct_bases=[],
|
|
8188
|
+
name_mapping={"fallback_behavior": "fallbackBehavior"},
|
|
8189
|
+
)
|
|
8190
|
+
class RateLimitJA4FingerprintProperty:
|
|
8191
|
+
def __init__(self, *, fallback_behavior: builtins.str) -> None:
|
|
8192
|
+
'''Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
|
|
8193
|
+
|
|
8194
|
+
If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
8195
|
+
|
|
8196
|
+
:param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
8197
|
+
|
|
8198
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.html
|
|
8199
|
+
:exampleMetadata: fixture=_generated
|
|
8200
|
+
|
|
8201
|
+
Example::
|
|
8202
|
+
|
|
8203
|
+
# The code below shows an example of how to instantiate this type.
|
|
8204
|
+
# The values are placeholders you should change.
|
|
8205
|
+
from aws_cdk import aws_wafv2 as wafv2
|
|
8206
|
+
|
|
8207
|
+
rate_limit_jA4_fingerprint_property = wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
8208
|
+
fallback_behavior="fallbackBehavior"
|
|
8209
|
+
)
|
|
8210
|
+
'''
|
|
8211
|
+
if __debug__:
|
|
8212
|
+
type_hints = typing.get_type_hints(_typecheckingstub__7133c91d3834ea8b9f0c3938b2bfa71b20890314ee89527acbfc32927f991d59)
|
|
8213
|
+
check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
|
|
8214
|
+
self._values: typing.Dict[builtins.str, typing.Any] = {
|
|
8215
|
+
"fallback_behavior": fallback_behavior,
|
|
8216
|
+
}
|
|
8217
|
+
|
|
8218
|
+
@builtins.property
|
|
8219
|
+
def fallback_behavior(self) -> builtins.str:
|
|
8220
|
+
'''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint.
|
|
8221
|
+
|
|
8222
|
+
You can specify the following fallback behaviors:
|
|
8223
|
+
|
|
8224
|
+
- ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
|
|
8225
|
+
- ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
8226
|
+
|
|
8227
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.html#cfn-wafv2-rulegroup-ratelimitja4fingerprint-fallbackbehavior
|
|
8228
|
+
'''
|
|
8229
|
+
result = self._values.get("fallback_behavior")
|
|
8230
|
+
assert result is not None, "Required property 'fallback_behavior' is missing"
|
|
8231
|
+
return typing.cast(builtins.str, result)
|
|
8232
|
+
|
|
8233
|
+
def __eq__(self, rhs: typing.Any) -> builtins.bool:
|
|
8234
|
+
return isinstance(rhs, self.__class__) and rhs._values == self._values
|
|
8235
|
+
|
|
8236
|
+
def __ne__(self, rhs: typing.Any) -> builtins.bool:
|
|
8237
|
+
return not (rhs == self)
|
|
8238
|
+
|
|
8239
|
+
def __repr__(self) -> str:
|
|
8240
|
+
return "RateLimitJA4FingerprintProperty(%s)" % ", ".join(
|
|
8241
|
+
k + "=" + repr(v) for k, v in self._values.items()
|
|
8242
|
+
)
|
|
8243
|
+
|
|
7864
8244
|
@jsii.data_type(
|
|
7865
8245
|
jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty",
|
|
7866
8246
|
jsii_struct_bases=[],
|
|
@@ -8196,6 +8576,9 @@ class CfnRuleGroup(
|
|
|
8196
8576
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8197
8577
|
fallback_behavior="fallbackBehavior"
|
|
8198
8578
|
),
|
|
8579
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
8580
|
+
fallback_behavior="fallbackBehavior"
|
|
8581
|
+
),
|
|
8199
8582
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8200
8583
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8201
8584
|
all=all,
|
|
@@ -8350,6 +8733,9 @@ class CfnRuleGroup(
|
|
|
8350
8733
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8351
8734
|
fallback_behavior="fallbackBehavior"
|
|
8352
8735
|
),
|
|
8736
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
8737
|
+
fallback_behavior="fallbackBehavior"
|
|
8738
|
+
),
|
|
8353
8739
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8354
8740
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8355
8741
|
all=all,
|
|
@@ -8673,6 +9059,9 @@ class CfnRuleGroup(
|
|
|
8673
9059
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8674
9060
|
fallback_behavior="fallbackBehavior"
|
|
8675
9061
|
),
|
|
9062
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9063
|
+
fallback_behavior="fallbackBehavior"
|
|
9064
|
+
),
|
|
8676
9065
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8677
9066
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8678
9067
|
all=all,
|
|
@@ -8750,6 +9139,12 @@ class CfnRuleGroup(
|
|
|
8750
9139
|
),
|
|
8751
9140
|
http_method=http_method,
|
|
8752
9141
|
ip=ip,
|
|
9142
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
9143
|
+
fallback_behavior="fallbackBehavior"
|
|
9144
|
+
),
|
|
9145
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
9146
|
+
fallback_behavior="fallbackBehavior"
|
|
9147
|
+
),
|
|
8753
9148
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
8754
9149
|
namespace="namespace"
|
|
8755
9150
|
),
|
|
@@ -8807,6 +9202,9 @@ class CfnRuleGroup(
|
|
|
8807
9202
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8808
9203
|
fallback_behavior="fallbackBehavior"
|
|
8809
9204
|
),
|
|
9205
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9206
|
+
fallback_behavior="fallbackBehavior"
|
|
9207
|
+
),
|
|
8810
9208
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8811
9209
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8812
9210
|
all=all,
|
|
@@ -8858,6 +9256,9 @@ class CfnRuleGroup(
|
|
|
8858
9256
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8859
9257
|
fallback_behavior="fallbackBehavior"
|
|
8860
9258
|
),
|
|
9259
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9260
|
+
fallback_behavior="fallbackBehavior"
|
|
9261
|
+
),
|
|
8861
9262
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8862
9263
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8863
9264
|
all=all,
|
|
@@ -8908,6 +9309,9 @@ class CfnRuleGroup(
|
|
|
8908
9309
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8909
9310
|
fallback_behavior="fallbackBehavior"
|
|
8910
9311
|
),
|
|
9312
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9313
|
+
fallback_behavior="fallbackBehavior"
|
|
9314
|
+
),
|
|
8911
9315
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8912
9316
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8913
9317
|
all=all,
|
|
@@ -8958,6 +9362,9 @@ class CfnRuleGroup(
|
|
|
8958
9362
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
8959
9363
|
fallback_behavior="fallbackBehavior"
|
|
8960
9364
|
),
|
|
9365
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9366
|
+
fallback_behavior="fallbackBehavior"
|
|
9367
|
+
),
|
|
8961
9368
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
8962
9369
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
8963
9370
|
all=all,
|
|
@@ -9010,6 +9417,9 @@ class CfnRuleGroup(
|
|
|
9010
9417
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
9011
9418
|
fallback_behavior="fallbackBehavior"
|
|
9012
9419
|
),
|
|
9420
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9421
|
+
fallback_behavior="fallbackBehavior"
|
|
9422
|
+
),
|
|
9013
9423
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
9014
9424
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
9015
9425
|
all=all,
|
|
@@ -9409,6 +9819,9 @@ class CfnRuleGroup(
|
|
|
9409
9819
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
9410
9820
|
fallback_behavior="fallbackBehavior"
|
|
9411
9821
|
),
|
|
9822
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9823
|
+
fallback_behavior="fallbackBehavior"
|
|
9824
|
+
),
|
|
9412
9825
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
9413
9826
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
9414
9827
|
all=all,
|
|
@@ -9572,6 +9985,9 @@ class CfnRuleGroup(
|
|
|
9572
9985
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
9573
9986
|
fallback_behavior="fallbackBehavior"
|
|
9574
9987
|
),
|
|
9988
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
9989
|
+
fallback_behavior="fallbackBehavior"
|
|
9990
|
+
),
|
|
9575
9991
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
9576
9992
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
9577
9993
|
all=all,
|
|
@@ -9767,6 +10183,9 @@ class CfnRuleGroup(
|
|
|
9767
10183
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
9768
10184
|
fallback_behavior="fallbackBehavior"
|
|
9769
10185
|
),
|
|
10186
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
10187
|
+
fallback_behavior="fallbackBehavior"
|
|
10188
|
+
),
|
|
9770
10189
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
9771
10190
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
9772
10191
|
all=all,
|
|
@@ -9844,6 +10263,12 @@ class CfnRuleGroup(
|
|
|
9844
10263
|
),
|
|
9845
10264
|
http_method=http_method,
|
|
9846
10265
|
ip=ip,
|
|
10266
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
10267
|
+
fallback_behavior="fallbackBehavior"
|
|
10268
|
+
),
|
|
10269
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
10270
|
+
fallback_behavior="fallbackBehavior"
|
|
10271
|
+
),
|
|
9847
10272
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
9848
10273
|
namespace="namespace"
|
|
9849
10274
|
),
|
|
@@ -9901,6 +10326,9 @@ class CfnRuleGroup(
|
|
|
9901
10326
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
9902
10327
|
fallback_behavior="fallbackBehavior"
|
|
9903
10328
|
),
|
|
10329
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
10330
|
+
fallback_behavior="fallbackBehavior"
|
|
10331
|
+
),
|
|
9904
10332
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
9905
10333
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
9906
10334
|
all=all,
|
|
@@ -9952,6 +10380,9 @@ class CfnRuleGroup(
|
|
|
9952
10380
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
9953
10381
|
fallback_behavior="fallbackBehavior"
|
|
9954
10382
|
),
|
|
10383
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
10384
|
+
fallback_behavior="fallbackBehavior"
|
|
10385
|
+
),
|
|
9955
10386
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
9956
10387
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
9957
10388
|
all=all,
|
|
@@ -10002,6 +10433,9 @@ class CfnRuleGroup(
|
|
|
10002
10433
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
10003
10434
|
fallback_behavior="fallbackBehavior"
|
|
10004
10435
|
),
|
|
10436
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
10437
|
+
fallback_behavior="fallbackBehavior"
|
|
10438
|
+
),
|
|
10005
10439
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
10006
10440
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
10007
10441
|
all=all,
|
|
@@ -10052,6 +10486,9 @@ class CfnRuleGroup(
|
|
|
10052
10486
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
10053
10487
|
fallback_behavior="fallbackBehavior"
|
|
10054
10488
|
),
|
|
10489
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
10490
|
+
fallback_behavior="fallbackBehavior"
|
|
10491
|
+
),
|
|
10055
10492
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
10056
10493
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
10057
10494
|
all=all,
|
|
@@ -10104,6 +10541,9 @@ class CfnRuleGroup(
|
|
|
10104
10541
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
10105
10542
|
fallback_behavior="fallbackBehavior"
|
|
10106
10543
|
),
|
|
10544
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
10545
|
+
fallback_behavior="fallbackBehavior"
|
|
10546
|
+
),
|
|
10107
10547
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
10108
10548
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
10109
10549
|
all=all,
|
|
@@ -10649,6 +11089,9 @@ class CfnRuleGroup(
|
|
|
10649
11089
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
10650
11090
|
fallback_behavior="fallbackBehavior"
|
|
10651
11091
|
),
|
|
11092
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11093
|
+
fallback_behavior="fallbackBehavior"
|
|
11094
|
+
),
|
|
10652
11095
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
10653
11096
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
10654
11097
|
all=all,
|
|
@@ -10847,6 +11290,9 @@ class CfnRuleGroupProps:
|
|
|
10847
11290
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
10848
11291
|
fallback_behavior="fallbackBehavior"
|
|
10849
11292
|
),
|
|
11293
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11294
|
+
fallback_behavior="fallbackBehavior"
|
|
11295
|
+
),
|
|
10850
11296
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
10851
11297
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
10852
11298
|
all=all,
|
|
@@ -10924,6 +11370,12 @@ class CfnRuleGroupProps:
|
|
|
10924
11370
|
),
|
|
10925
11371
|
http_method=http_method,
|
|
10926
11372
|
ip=ip,
|
|
11373
|
+
ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
|
|
11374
|
+
fallback_behavior="fallbackBehavior"
|
|
11375
|
+
),
|
|
11376
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
|
|
11377
|
+
fallback_behavior="fallbackBehavior"
|
|
11378
|
+
),
|
|
10927
11379
|
label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
|
|
10928
11380
|
namespace="namespace"
|
|
10929
11381
|
),
|
|
@@ -10981,6 +11433,9 @@ class CfnRuleGroupProps:
|
|
|
10981
11433
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
10982
11434
|
fallback_behavior="fallbackBehavior"
|
|
10983
11435
|
),
|
|
11436
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11437
|
+
fallback_behavior="fallbackBehavior"
|
|
11438
|
+
),
|
|
10984
11439
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
10985
11440
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
10986
11441
|
all=all,
|
|
@@ -11032,6 +11487,9 @@ class CfnRuleGroupProps:
|
|
|
11032
11487
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
11033
11488
|
fallback_behavior="fallbackBehavior"
|
|
11034
11489
|
),
|
|
11490
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11491
|
+
fallback_behavior="fallbackBehavior"
|
|
11492
|
+
),
|
|
11035
11493
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
11036
11494
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
11037
11495
|
all=all,
|
|
@@ -11082,6 +11540,9 @@ class CfnRuleGroupProps:
|
|
|
11082
11540
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
11083
11541
|
fallback_behavior="fallbackBehavior"
|
|
11084
11542
|
),
|
|
11543
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11544
|
+
fallback_behavior="fallbackBehavior"
|
|
11545
|
+
),
|
|
11085
11546
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
11086
11547
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
11087
11548
|
all=all,
|
|
@@ -11132,6 +11593,9 @@ class CfnRuleGroupProps:
|
|
|
11132
11593
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
11133
11594
|
fallback_behavior="fallbackBehavior"
|
|
11134
11595
|
),
|
|
11596
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11597
|
+
fallback_behavior="fallbackBehavior"
|
|
11598
|
+
),
|
|
11135
11599
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
11136
11600
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
11137
11601
|
all=all,
|
|
@@ -11184,6 +11648,9 @@ class CfnRuleGroupProps:
|
|
|
11184
11648
|
ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
|
|
11185
11649
|
fallback_behavior="fallbackBehavior"
|
|
11186
11650
|
),
|
|
11651
|
+
ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
|
|
11652
|
+
fallback_behavior="fallbackBehavior"
|
|
11653
|
+
),
|
|
11187
11654
|
json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
|
|
11188
11655
|
match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
|
|
11189
11656
|
all=all,
|
|
@@ -12631,6 +13098,9 @@ class CfnWebACL(
|
|
|
12631
13098
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
12632
13099
|
fallback_behavior="fallbackBehavior"
|
|
12633
13100
|
),
|
|
13101
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
13102
|
+
fallback_behavior="fallbackBehavior"
|
|
13103
|
+
),
|
|
12634
13104
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
12635
13105
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
12636
13106
|
all=all,
|
|
@@ -13882,6 +14352,7 @@ class CfnWebACL(
|
|
|
13882
14352
|
"cookies": "cookies",
|
|
13883
14353
|
"headers": "headers",
|
|
13884
14354
|
"ja3_fingerprint": "ja3Fingerprint",
|
|
14355
|
+
"ja4_fingerprint": "ja4Fingerprint",
|
|
13885
14356
|
"json_body": "jsonBody",
|
|
13886
14357
|
"method": "method",
|
|
13887
14358
|
"query_string": "queryString",
|
|
@@ -13899,6 +14370,7 @@ class CfnWebACL(
|
|
|
13899
14370
|
cookies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CookiesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
13900
14371
|
headers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.HeadersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
13901
14372
|
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.JA3FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
14373
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.JA4FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
13902
14374
|
json_body: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.JsonBodyProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
13903
14375
|
method: typing.Any = None,
|
|
13904
14376
|
query_string: typing.Any = None,
|
|
@@ -13928,6 +14400,7 @@ class CfnWebACL(
|
|
|
13928
14400
|
:param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
|
|
13929
14401
|
:param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
|
|
13930
14402
|
:param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
14403
|
+
:param ja4_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
13931
14404
|
:param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
|
|
13932
14405
|
:param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
|
|
13933
14406
|
:param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
|
|
@@ -13978,6 +14451,9 @@ class CfnWebACL(
|
|
|
13978
14451
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
13979
14452
|
fallback_behavior="fallbackBehavior"
|
|
13980
14453
|
),
|
|
14454
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
14455
|
+
fallback_behavior="fallbackBehavior"
|
|
14456
|
+
),
|
|
13981
14457
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
13982
14458
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
13983
14459
|
all=all,
|
|
@@ -14003,6 +14479,7 @@ class CfnWebACL(
|
|
|
14003
14479
|
check_type(argname="argument cookies", value=cookies, expected_type=type_hints["cookies"])
|
|
14004
14480
|
check_type(argname="argument headers", value=headers, expected_type=type_hints["headers"])
|
|
14005
14481
|
check_type(argname="argument ja3_fingerprint", value=ja3_fingerprint, expected_type=type_hints["ja3_fingerprint"])
|
|
14482
|
+
check_type(argname="argument ja4_fingerprint", value=ja4_fingerprint, expected_type=type_hints["ja4_fingerprint"])
|
|
14006
14483
|
check_type(argname="argument json_body", value=json_body, expected_type=type_hints["json_body"])
|
|
14007
14484
|
check_type(argname="argument method", value=method, expected_type=type_hints["method"])
|
|
14008
14485
|
check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
|
|
@@ -14020,6 +14497,8 @@ class CfnWebACL(
|
|
|
14020
14497
|
self._values["headers"] = headers
|
|
14021
14498
|
if ja3_fingerprint is not None:
|
|
14022
14499
|
self._values["ja3_fingerprint"] = ja3_fingerprint
|
|
14500
|
+
if ja4_fingerprint is not None:
|
|
14501
|
+
self._values["ja4_fingerprint"] = ja4_fingerprint
|
|
14023
14502
|
if json_body is not None:
|
|
14024
14503
|
self._values["json_body"] = json_body
|
|
14025
14504
|
if method is not None:
|
|
@@ -14112,6 +14591,26 @@ class CfnWebACL(
|
|
|
14112
14591
|
result = self._values.get("ja3_fingerprint")
|
|
14113
14592
|
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.JA3FingerprintProperty"]], result)
|
|
14114
14593
|
|
|
14594
|
+
@builtins.property
|
|
14595
|
+
def ja4_fingerprint(
|
|
14596
|
+
self,
|
|
14597
|
+
) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.JA4FingerprintProperty"]]:
|
|
14598
|
+
'''Available for use with Amazon CloudFront distributions and Application Load Balancers.
|
|
14599
|
+
|
|
14600
|
+
Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
|
|
14601
|
+
.. epigraph::
|
|
14602
|
+
|
|
14603
|
+
You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
|
|
14604
|
+
|
|
14605
|
+
You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
|
|
14606
|
+
|
|
14607
|
+
Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
14608
|
+
|
|
14609
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-ja4fingerprint
|
|
14610
|
+
'''
|
|
14611
|
+
result = self._values.get("ja4_fingerprint")
|
|
14612
|
+
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.JA4FingerprintProperty"]], result)
|
|
14613
|
+
|
|
14115
14614
|
@builtins.property
|
|
14116
14615
|
def json_body(
|
|
14117
14616
|
self,
|
|
@@ -14950,6 +15449,72 @@ class CfnWebACL(
|
|
|
14950
15449
|
k + "=" + repr(v) for k, v in self._values.items()
|
|
14951
15450
|
)
|
|
14952
15451
|
|
|
15452
|
+
@jsii.data_type(
|
|
15453
|
+
jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.JA4FingerprintProperty",
|
|
15454
|
+
jsii_struct_bases=[],
|
|
15455
|
+
name_mapping={"fallback_behavior": "fallbackBehavior"},
|
|
15456
|
+
)
|
|
15457
|
+
class JA4FingerprintProperty:
|
|
15458
|
+
def __init__(self, *, fallback_behavior: builtins.str) -> None:
|
|
15459
|
+
'''Available for use with Amazon CloudFront distributions and Application Load Balancers.
|
|
15460
|
+
|
|
15461
|
+
Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
|
|
15462
|
+
.. epigraph::
|
|
15463
|
+
|
|
15464
|
+
You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
|
|
15465
|
+
|
|
15466
|
+
You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
|
|
15467
|
+
|
|
15468
|
+
Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
|
|
15469
|
+
|
|
15470
|
+
:param fallback_behavior: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
15471
|
+
|
|
15472
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja4fingerprint.html
|
|
15473
|
+
:exampleMetadata: fixture=_generated
|
|
15474
|
+
|
|
15475
|
+
Example::
|
|
15476
|
+
|
|
15477
|
+
# The code below shows an example of how to instantiate this type.
|
|
15478
|
+
# The values are placeholders you should change.
|
|
15479
|
+
from aws_cdk import aws_wafv2 as wafv2
|
|
15480
|
+
|
|
15481
|
+
j_a4_fingerprint_property = wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
15482
|
+
fallback_behavior="fallbackBehavior"
|
|
15483
|
+
)
|
|
15484
|
+
'''
|
|
15485
|
+
if __debug__:
|
|
15486
|
+
type_hints = typing.get_type_hints(_typecheckingstub__d291ee91c69174f3c85a4f366df59f9a94555bb2191f94bfec169a28f40438d6)
|
|
15487
|
+
check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
|
|
15488
|
+
self._values: typing.Dict[builtins.str, typing.Any] = {
|
|
15489
|
+
"fallback_behavior": fallback_behavior,
|
|
15490
|
+
}
|
|
15491
|
+
|
|
15492
|
+
@builtins.property
|
|
15493
|
+
def fallback_behavior(self) -> builtins.str:
|
|
15494
|
+
'''The match status to assign to the web request if the request doesn't have a JA4 fingerprint.
|
|
15495
|
+
|
|
15496
|
+
You can specify the following fallback behaviors:
|
|
15497
|
+
|
|
15498
|
+
- ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
|
|
15499
|
+
- ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
15500
|
+
|
|
15501
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja4fingerprint.html#cfn-wafv2-webacl-ja4fingerprint-fallbackbehavior
|
|
15502
|
+
'''
|
|
15503
|
+
result = self._values.get("fallback_behavior")
|
|
15504
|
+
assert result is not None, "Required property 'fallback_behavior' is missing"
|
|
15505
|
+
return typing.cast(builtins.str, result)
|
|
15506
|
+
|
|
15507
|
+
def __eq__(self, rhs: typing.Any) -> builtins.bool:
|
|
15508
|
+
return isinstance(rhs, self.__class__) and rhs._values == self._values
|
|
15509
|
+
|
|
15510
|
+
def __ne__(self, rhs: typing.Any) -> builtins.bool:
|
|
15511
|
+
return not (rhs == self)
|
|
15512
|
+
|
|
15513
|
+
def __repr__(self) -> str:
|
|
15514
|
+
return "JA4FingerprintProperty(%s)" % ", ".join(
|
|
15515
|
+
k + "=" + repr(v) for k, v in self._values.items()
|
|
15516
|
+
)
|
|
15517
|
+
|
|
14953
15518
|
@jsii.data_type(
|
|
14954
15519
|
jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.JsonBodyProperty",
|
|
14955
15520
|
jsii_struct_bases=[],
|
|
@@ -15980,6 +16545,8 @@ class CfnWebACL(
|
|
|
15980
16545
|
"header": "header",
|
|
15981
16546
|
"http_method": "httpMethod",
|
|
15982
16547
|
"ip": "ip",
|
|
16548
|
+
"ja3_fingerprint": "ja3Fingerprint",
|
|
16549
|
+
"ja4_fingerprint": "ja4Fingerprint",
|
|
15983
16550
|
"label_namespace": "labelNamespace",
|
|
15984
16551
|
"query_argument": "queryArgument",
|
|
15985
16552
|
"query_string": "queryString",
|
|
@@ -15995,6 +16562,8 @@ class CfnWebACL(
|
|
|
15995
16562
|
header: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RateLimitHeaderProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
15996
16563
|
http_method: typing.Any = None,
|
|
15997
16564
|
ip: typing.Any = None,
|
|
16565
|
+
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RateLimitJA3FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
16566
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RateLimitJA4FingerprintProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
15998
16567
|
label_namespace: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RateLimitLabelNamespaceProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
15999
16568
|
query_argument: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RateLimitQueryArgumentProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
16000
16569
|
query_string: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RateLimitQueryStringProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
@@ -16011,6 +16580,8 @@ class CfnWebACL(
|
|
|
16011
16580
|
:param header: Use the value of a header in the request as an aggregate key. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
|
|
16012
16581
|
:param http_method: Use the request's HTTP method as an aggregate key. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.
|
|
16013
16582
|
:param ip: Use the request's originating IP address as an aggregate key. Each distinct IP address contributes to the aggregation instance. When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the IP address by specifying ``IP`` in your rate-based statement's ``AggregateKeyType`` .
|
|
16583
|
+
:param ja3_fingerprint: Use the request's JA3 fingerprint as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
16584
|
+
:param ja4_fingerprint: Use the request's JA4 fingerprint as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
16014
16585
|
:param label_namespace: Use the specified label namespace as an aggregate key. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance. This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL. For information about label namespaces and names, see `Label syntax and naming requirements <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html>`_ in the *AWS WAF Developer Guide* .
|
|
16015
16586
|
:param query_argument: Use the specified query argument as an aggregate key. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
|
|
16016
16587
|
:param query_string: Use the request's query string as an aggregate key. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
|
|
@@ -16047,6 +16618,12 @@ class CfnWebACL(
|
|
|
16047
16618
|
),
|
|
16048
16619
|
http_method=http_method,
|
|
16049
16620
|
ip=ip,
|
|
16621
|
+
ja3_fingerprint=wafv2.CfnWebACL.RateLimitJA3FingerprintProperty(
|
|
16622
|
+
fallback_behavior="fallbackBehavior"
|
|
16623
|
+
),
|
|
16624
|
+
ja4_fingerprint=wafv2.CfnWebACL.RateLimitJA4FingerprintProperty(
|
|
16625
|
+
fallback_behavior="fallbackBehavior"
|
|
16626
|
+
),
|
|
16050
16627
|
label_namespace=wafv2.CfnWebACL.RateLimitLabelNamespaceProperty(
|
|
16051
16628
|
namespace="namespace"
|
|
16052
16629
|
),
|
|
@@ -16078,6 +16655,8 @@ class CfnWebACL(
|
|
|
16078
16655
|
check_type(argname="argument header", value=header, expected_type=type_hints["header"])
|
|
16079
16656
|
check_type(argname="argument http_method", value=http_method, expected_type=type_hints["http_method"])
|
|
16080
16657
|
check_type(argname="argument ip", value=ip, expected_type=type_hints["ip"])
|
|
16658
|
+
check_type(argname="argument ja3_fingerprint", value=ja3_fingerprint, expected_type=type_hints["ja3_fingerprint"])
|
|
16659
|
+
check_type(argname="argument ja4_fingerprint", value=ja4_fingerprint, expected_type=type_hints["ja4_fingerprint"])
|
|
16081
16660
|
check_type(argname="argument label_namespace", value=label_namespace, expected_type=type_hints["label_namespace"])
|
|
16082
16661
|
check_type(argname="argument query_argument", value=query_argument, expected_type=type_hints["query_argument"])
|
|
16083
16662
|
check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
|
|
@@ -16093,6 +16672,10 @@ class CfnWebACL(
|
|
|
16093
16672
|
self._values["http_method"] = http_method
|
|
16094
16673
|
if ip is not None:
|
|
16095
16674
|
self._values["ip"] = ip
|
|
16675
|
+
if ja3_fingerprint is not None:
|
|
16676
|
+
self._values["ja3_fingerprint"] = ja3_fingerprint
|
|
16677
|
+
if ja4_fingerprint is not None:
|
|
16678
|
+
self._values["ja4_fingerprint"] = ja4_fingerprint
|
|
16096
16679
|
if label_namespace is not None:
|
|
16097
16680
|
self._values["label_namespace"] = label_namespace
|
|
16098
16681
|
if query_argument is not None:
|
|
@@ -16165,6 +16748,32 @@ class CfnWebACL(
|
|
|
16165
16748
|
result = self._values.get("ip")
|
|
16166
16749
|
return typing.cast(typing.Any, result)
|
|
16167
16750
|
|
|
16751
|
+
@builtins.property
|
|
16752
|
+
def ja3_fingerprint(
|
|
16753
|
+
self,
|
|
16754
|
+
) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.RateLimitJA3FingerprintProperty"]]:
|
|
16755
|
+
'''Use the request's JA3 fingerprint as an aggregate key.
|
|
16756
|
+
|
|
16757
|
+
If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
16758
|
+
|
|
16759
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ja3fingerprint
|
|
16760
|
+
'''
|
|
16761
|
+
result = self._values.get("ja3_fingerprint")
|
|
16762
|
+
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.RateLimitJA3FingerprintProperty"]], result)
|
|
16763
|
+
|
|
16764
|
+
@builtins.property
|
|
16765
|
+
def ja4_fingerprint(
|
|
16766
|
+
self,
|
|
16767
|
+
) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.RateLimitJA4FingerprintProperty"]]:
|
|
16768
|
+
'''Use the request's JA4 fingerprint as an aggregate key.
|
|
16769
|
+
|
|
16770
|
+
If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
16771
|
+
|
|
16772
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ja4fingerprint
|
|
16773
|
+
'''
|
|
16774
|
+
result = self._values.get("ja4_fingerprint")
|
|
16775
|
+
return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.RateLimitJA4FingerprintProperty"]], result)
|
|
16776
|
+
|
|
16168
16777
|
@builtins.property
|
|
16169
16778
|
def label_namespace(
|
|
16170
16779
|
self,
|
|
@@ -16612,6 +17221,124 @@ class CfnWebACL(
|
|
|
16612
17221
|
k + "=" + repr(v) for k, v in self._values.items()
|
|
16613
17222
|
)
|
|
16614
17223
|
|
|
17224
|
+
@jsii.data_type(
|
|
17225
|
+
jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.RateLimitJA3FingerprintProperty",
|
|
17226
|
+
jsii_struct_bases=[],
|
|
17227
|
+
name_mapping={"fallback_behavior": "fallbackBehavior"},
|
|
17228
|
+
)
|
|
17229
|
+
class RateLimitJA3FingerprintProperty:
|
|
17230
|
+
def __init__(self, *, fallback_behavior: builtins.str) -> None:
|
|
17231
|
+
'''Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
|
|
17232
|
+
|
|
17233
|
+
If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
17234
|
+
|
|
17235
|
+
:param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
17236
|
+
|
|
17237
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.html
|
|
17238
|
+
:exampleMetadata: fixture=_generated
|
|
17239
|
+
|
|
17240
|
+
Example::
|
|
17241
|
+
|
|
17242
|
+
# The code below shows an example of how to instantiate this type.
|
|
17243
|
+
# The values are placeholders you should change.
|
|
17244
|
+
from aws_cdk import aws_wafv2 as wafv2
|
|
17245
|
+
|
|
17246
|
+
rate_limit_jA3_fingerprint_property = wafv2.CfnWebACL.RateLimitJA3FingerprintProperty(
|
|
17247
|
+
fallback_behavior="fallbackBehavior"
|
|
17248
|
+
)
|
|
17249
|
+
'''
|
|
17250
|
+
if __debug__:
|
|
17251
|
+
type_hints = typing.get_type_hints(_typecheckingstub__6e8bd22e62b0bf12b8760a47f017961b595e2b5836296741e4be4bc580092564)
|
|
17252
|
+
check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
|
|
17253
|
+
self._values: typing.Dict[builtins.str, typing.Any] = {
|
|
17254
|
+
"fallback_behavior": fallback_behavior,
|
|
17255
|
+
}
|
|
17256
|
+
|
|
17257
|
+
@builtins.property
|
|
17258
|
+
def fallback_behavior(self) -> builtins.str:
|
|
17259
|
+
'''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.
|
|
17260
|
+
|
|
17261
|
+
You can specify the following fallback behaviors:
|
|
17262
|
+
|
|
17263
|
+
- ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
|
|
17264
|
+
- ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
17265
|
+
|
|
17266
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.html#cfn-wafv2-webacl-ratelimitja3fingerprint-fallbackbehavior
|
|
17267
|
+
'''
|
|
17268
|
+
result = self._values.get("fallback_behavior")
|
|
17269
|
+
assert result is not None, "Required property 'fallback_behavior' is missing"
|
|
17270
|
+
return typing.cast(builtins.str, result)
|
|
17271
|
+
|
|
17272
|
+
def __eq__(self, rhs: typing.Any) -> builtins.bool:
|
|
17273
|
+
return isinstance(rhs, self.__class__) and rhs._values == self._values
|
|
17274
|
+
|
|
17275
|
+
def __ne__(self, rhs: typing.Any) -> builtins.bool:
|
|
17276
|
+
return not (rhs == self)
|
|
17277
|
+
|
|
17278
|
+
def __repr__(self) -> str:
|
|
17279
|
+
return "RateLimitJA3FingerprintProperty(%s)" % ", ".join(
|
|
17280
|
+
k + "=" + repr(v) for k, v in self._values.items()
|
|
17281
|
+
)
|
|
17282
|
+
|
|
17283
|
+
@jsii.data_type(
|
|
17284
|
+
jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.RateLimitJA4FingerprintProperty",
|
|
17285
|
+
jsii_struct_bases=[],
|
|
17286
|
+
name_mapping={"fallback_behavior": "fallbackBehavior"},
|
|
17287
|
+
)
|
|
17288
|
+
class RateLimitJA4FingerprintProperty:
|
|
17289
|
+
def __init__(self, *, fallback_behavior: builtins.str) -> None:
|
|
17290
|
+
'''Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
|
|
17291
|
+
|
|
17292
|
+
If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
|
|
17293
|
+
|
|
17294
|
+
:param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
17295
|
+
|
|
17296
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja4fingerprint.html
|
|
17297
|
+
:exampleMetadata: fixture=_generated
|
|
17298
|
+
|
|
17299
|
+
Example::
|
|
17300
|
+
|
|
17301
|
+
# The code below shows an example of how to instantiate this type.
|
|
17302
|
+
# The values are placeholders you should change.
|
|
17303
|
+
from aws_cdk import aws_wafv2 as wafv2
|
|
17304
|
+
|
|
17305
|
+
rate_limit_jA4_fingerprint_property = wafv2.CfnWebACL.RateLimitJA4FingerprintProperty(
|
|
17306
|
+
fallback_behavior="fallbackBehavior"
|
|
17307
|
+
)
|
|
17308
|
+
'''
|
|
17309
|
+
if __debug__:
|
|
17310
|
+
type_hints = typing.get_type_hints(_typecheckingstub__0fb6ee2c595dd2947dc6947a55f9aef69ae22832d84e4a5bdc269461247f50b4)
|
|
17311
|
+
check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
|
|
17312
|
+
self._values: typing.Dict[builtins.str, typing.Any] = {
|
|
17313
|
+
"fallback_behavior": fallback_behavior,
|
|
17314
|
+
}
|
|
17315
|
+
|
|
17316
|
+
@builtins.property
|
|
17317
|
+
def fallback_behavior(self) -> builtins.str:
|
|
17318
|
+
'''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint.
|
|
17319
|
+
|
|
17320
|
+
You can specify the following fallback behaviors:
|
|
17321
|
+
|
|
17322
|
+
- ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
|
|
17323
|
+
- ``NO_MATCH`` - Treat the web request as not matching the rule statement.
|
|
17324
|
+
|
|
17325
|
+
:see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja4fingerprint.html#cfn-wafv2-webacl-ratelimitja4fingerprint-fallbackbehavior
|
|
17326
|
+
'''
|
|
17327
|
+
result = self._values.get("fallback_behavior")
|
|
17328
|
+
assert result is not None, "Required property 'fallback_behavior' is missing"
|
|
17329
|
+
return typing.cast(builtins.str, result)
|
|
17330
|
+
|
|
17331
|
+
def __eq__(self, rhs: typing.Any) -> builtins.bool:
|
|
17332
|
+
return isinstance(rhs, self.__class__) and rhs._values == self._values
|
|
17333
|
+
|
|
17334
|
+
def __ne__(self, rhs: typing.Any) -> builtins.bool:
|
|
17335
|
+
return not (rhs == self)
|
|
17336
|
+
|
|
17337
|
+
def __repr__(self) -> str:
|
|
17338
|
+
return "RateLimitJA4FingerprintProperty(%s)" % ", ".join(
|
|
17339
|
+
k + "=" + repr(v) for k, v in self._values.items()
|
|
17340
|
+
)
|
|
17341
|
+
|
|
16615
17342
|
@jsii.data_type(
|
|
16616
17343
|
jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.RateLimitLabelNamespaceProperty",
|
|
16617
17344
|
jsii_struct_bases=[],
|
|
@@ -16947,6 +17674,9 @@ class CfnWebACL(
|
|
|
16947
17674
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
16948
17675
|
fallback_behavior="fallbackBehavior"
|
|
16949
17676
|
),
|
|
17677
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
17678
|
+
fallback_behavior="fallbackBehavior"
|
|
17679
|
+
),
|
|
16950
17680
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
16951
17681
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
16952
17682
|
all=all,
|
|
@@ -17101,6 +17831,9 @@ class CfnWebACL(
|
|
|
17101
17831
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
17102
17832
|
fallback_behavior="fallbackBehavior"
|
|
17103
17833
|
),
|
|
17834
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
17835
|
+
fallback_behavior="fallbackBehavior"
|
|
17836
|
+
),
|
|
17104
17837
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
17105
17838
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
17106
17839
|
all=all,
|
|
@@ -19013,6 +19746,9 @@ class CfnWebACL(
|
|
|
19013
19746
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
19014
19747
|
fallback_behavior="fallbackBehavior"
|
|
19015
19748
|
),
|
|
19749
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
19750
|
+
fallback_behavior="fallbackBehavior"
|
|
19751
|
+
),
|
|
19016
19752
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
19017
19753
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
19018
19754
|
all=all,
|
|
@@ -19176,6 +19912,9 @@ class CfnWebACL(
|
|
|
19176
19912
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
19177
19913
|
fallback_behavior="fallbackBehavior"
|
|
19178
19914
|
),
|
|
19915
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
19916
|
+
fallback_behavior="fallbackBehavior"
|
|
19917
|
+
),
|
|
19179
19918
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
19180
19919
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
19181
19920
|
all=all,
|
|
@@ -19892,6 +20631,9 @@ class CfnWebACL(
|
|
|
19892
20631
|
ja3_fingerprint=wafv2.CfnWebACL.JA3FingerprintProperty(
|
|
19893
20632
|
fallback_behavior="fallbackBehavior"
|
|
19894
20633
|
),
|
|
20634
|
+
ja4_fingerprint=wafv2.CfnWebACL.JA4FingerprintProperty(
|
|
20635
|
+
fallback_behavior="fallbackBehavior"
|
|
20636
|
+
),
|
|
19895
20637
|
json_body=wafv2.CfnWebACL.JsonBodyProperty(
|
|
19896
20638
|
match_pattern=wafv2.CfnWebACL.JsonMatchPatternProperty(
|
|
19897
20639
|
all=all,
|
|
@@ -20955,6 +21697,7 @@ def _typecheckingstub__dcb790c3130e52c64e6b7cf00db86b37d1b54427689c46b6c9e6a7122
|
|
|
20955
21697
|
cookies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.CookiesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
20956
21698
|
headers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.HeadersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
20957
21699
|
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.JA3FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21700
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.JA4FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
20958
21701
|
json_body: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.JsonBodyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
20959
21702
|
method: typing.Any = None,
|
|
20960
21703
|
query_string: typing.Any = None,
|
|
@@ -21030,6 +21773,13 @@ def _typecheckingstub__1cba50229767598d7603bfa317a8bd11cfc2b12ca28d38737119d57d5
|
|
|
21030
21773
|
"""Type checking stubs"""
|
|
21031
21774
|
pass
|
|
21032
21775
|
|
|
21776
|
+
def _typecheckingstub__98d25072bace816c3ee0005576dfb4321dc85cb549d85f10845ec1379f11441b(
|
|
21777
|
+
*,
|
|
21778
|
+
fallback_behavior: builtins.str,
|
|
21779
|
+
) -> None:
|
|
21780
|
+
"""Type checking stubs"""
|
|
21781
|
+
pass
|
|
21782
|
+
|
|
21033
21783
|
def _typecheckingstub__602ab3bf019e524b1f85e0a2cdb3225626316719b294dfa66fcfd8b7fc9e7a09(
|
|
21034
21784
|
*,
|
|
21035
21785
|
match_pattern: typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.JsonMatchPatternProperty, typing.Dict[builtins.str, typing.Any]]],
|
|
@@ -21091,6 +21841,8 @@ def _typecheckingstub__6bc232408309212f7b145d76c0106073269f111e106ab6d74a4d2168f
|
|
|
21091
21841
|
header: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RateLimitHeaderProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21092
21842
|
http_method: typing.Any = None,
|
|
21093
21843
|
ip: typing.Any = None,
|
|
21844
|
+
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RateLimitJA3FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21845
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RateLimitJA4FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21094
21846
|
label_namespace: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RateLimitLabelNamespaceProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21095
21847
|
query_argument: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RateLimitQueryArgumentProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21096
21848
|
query_string: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RateLimitQueryStringProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
@@ -21127,6 +21879,20 @@ def _typecheckingstub__fdb02cef74b9bb28719ad3e0dbe3149e38c2bcf0347d4db5a38e8fae7
|
|
|
21127
21879
|
"""Type checking stubs"""
|
|
21128
21880
|
pass
|
|
21129
21881
|
|
|
21882
|
+
def _typecheckingstub__01cbbd4025c041374160f1ace2284204fed871076ebb05f8dbb9425055cf3060(
|
|
21883
|
+
*,
|
|
21884
|
+
fallback_behavior: builtins.str,
|
|
21885
|
+
) -> None:
|
|
21886
|
+
"""Type checking stubs"""
|
|
21887
|
+
pass
|
|
21888
|
+
|
|
21889
|
+
def _typecheckingstub__7133c91d3834ea8b9f0c3938b2bfa71b20890314ee89527acbfc32927f991d59(
|
|
21890
|
+
*,
|
|
21891
|
+
fallback_behavior: builtins.str,
|
|
21892
|
+
) -> None:
|
|
21893
|
+
"""Type checking stubs"""
|
|
21894
|
+
pass
|
|
21895
|
+
|
|
21130
21896
|
def _typecheckingstub__1b9d57259a6a98849a716499d960fb16a9c2fff26fa8916f287a6d4cbe4a1303(
|
|
21131
21897
|
*,
|
|
21132
21898
|
namespace: builtins.str,
|
|
@@ -21585,6 +22351,7 @@ def _typecheckingstub__25d147c856e9a8fd64f4cc05856e4813e584f37ef787792ad3c4e0790
|
|
|
21585
22351
|
cookies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CookiesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21586
22352
|
headers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.HeadersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21587
22353
|
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.JA3FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
22354
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.JA4FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21588
22355
|
json_body: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.JsonBodyProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21589
22356
|
method: typing.Any = None,
|
|
21590
22357
|
query_string: typing.Any = None,
|
|
@@ -21660,6 +22427,13 @@ def _typecheckingstub__129b51143b193ce4679091a559f9a4073c03a2bccc1ccb884fe1b4dd3
|
|
|
21660
22427
|
"""Type checking stubs"""
|
|
21661
22428
|
pass
|
|
21662
22429
|
|
|
22430
|
+
def _typecheckingstub__d291ee91c69174f3c85a4f366df59f9a94555bb2191f94bfec169a28f40438d6(
|
|
22431
|
+
*,
|
|
22432
|
+
fallback_behavior: builtins.str,
|
|
22433
|
+
) -> None:
|
|
22434
|
+
"""Type checking stubs"""
|
|
22435
|
+
pass
|
|
22436
|
+
|
|
21663
22437
|
def _typecheckingstub__b371d01e6e192e377c25d061f5a40b73b3aca7d15781a83f612151eddebe6fa2(
|
|
21664
22438
|
*,
|
|
21665
22439
|
match_pattern: typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.JsonMatchPatternProperty, typing.Dict[builtins.str, typing.Any]]],
|
|
@@ -21748,6 +22522,8 @@ def _typecheckingstub__2edac52bcb13f69d4349ba55a4d083851908f1dd71831794e88ac043e
|
|
|
21748
22522
|
header: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RateLimitHeaderProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21749
22523
|
http_method: typing.Any = None,
|
|
21750
22524
|
ip: typing.Any = None,
|
|
22525
|
+
ja3_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RateLimitJA3FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
22526
|
+
ja4_fingerprint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RateLimitJA4FingerprintProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21751
22527
|
label_namespace: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RateLimitLabelNamespaceProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21752
22528
|
query_argument: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RateLimitQueryArgumentProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
21753
22529
|
query_string: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RateLimitQueryStringProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
|
|
@@ -21784,6 +22560,20 @@ def _typecheckingstub__da3edefddbc454f4818df98348789f048fa440013638ab8b17bcf3ee2
|
|
|
21784
22560
|
"""Type checking stubs"""
|
|
21785
22561
|
pass
|
|
21786
22562
|
|
|
22563
|
+
def _typecheckingstub__6e8bd22e62b0bf12b8760a47f017961b595e2b5836296741e4be4bc580092564(
|
|
22564
|
+
*,
|
|
22565
|
+
fallback_behavior: builtins.str,
|
|
22566
|
+
) -> None:
|
|
22567
|
+
"""Type checking stubs"""
|
|
22568
|
+
pass
|
|
22569
|
+
|
|
22570
|
+
def _typecheckingstub__0fb6ee2c595dd2947dc6947a55f9aef69ae22832d84e4a5bdc269461247f50b4(
|
|
22571
|
+
*,
|
|
22572
|
+
fallback_behavior: builtins.str,
|
|
22573
|
+
) -> None:
|
|
22574
|
+
"""Type checking stubs"""
|
|
22575
|
+
pass
|
|
22576
|
+
|
|
21787
22577
|
def _typecheckingstub__cd332af4365738eada762a2b31aa36cbf28e27c021a06c4030d009ae6e2ec6e8(
|
|
21788
22578
|
*,
|
|
21789
22579
|
namespace: builtins.str,
|