| rule set subresource |
A set of rules having the request filters for the web acl. Maximum allowed items are 10. (Required)
- name
- The name of the rule. (Required)
- priority
- The priority of the rule. The priority assigned needs to be ordered in increasing order starting from 0. (Required)
- visibility-config
- The visibility configuration for the rule. (Required)
- action
- The action to perform if the rule passes. Cannot be set if
override-action is set. Valid values are ALLOW, BLOCK or COUNT.
- override-action
- The override action to perform if the rule passes. Cannot be set if
action is set. Valid values are NONE or COUNT.
- statement subresource
The statement configuration having the individual conditions.
- and-statement subresource
And statement configuration.
- statement set
- The set of statement resource associated with the AND statement. (Required)
- not-statement subresource
Not statement configuration.
- statement
- The statement resource associated with the NOT statement. (Required)
- or-statement subresource
Or statement configuration.
- statement set
- The set of statement resource associated with the OR statement. Minimum required items are
2. (Required)
- byte-match-statement subresource
Byte Match statement configuration.
- field-to-match subresource
The field setting to match the condition. (Required)
- match-type
- The field match type. Valid values are
SINGLE_HEADER, SINGLE_QUERY_ARGUMENT, ALL_QUERY_ARGUMENTS, BODY, QUERY_STRING, METHOD or URI_PATH. (Required)
- name
- The name of the field to match. Only required if
match-type set to SINGLE_HEADER or SINGLE_QUERY_ARGUMENT.
- positional-constraint
- The positional search type for the search string. Valid values are
EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS or CONTAINS_WORD. (Required)
- text-transformation set subresource
Text transformation configuration on the data provided before doing the check. Maximum allowed items are 3.
- priority
- The priority of the text transformation. (Required)
- type
- The type of the text transformation. Valid values are
NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE or URL_DECODE. (Required)
- search-string
- The search string you want aws to search for in the request. (Required)
- geo-match-statement subresource
Geo statement configuration.
- country-codes set
- A set of 2 character country codes based on ISO 3166 on which to filter the request. (Required)
- ip-set-reference-statement subresource
IP set reference statement configuration.
- ip-set
- The ip set resource to associate with. (Required)
- regex-pattern-set-reference-statement subresource
- Regex pattern reference statement configuration.
- size-constraint-statement subresource
Size constraint statement configuration.
- field-to-match subresource
The field setting to match the condition. (Required)
- match-type
- The field match type. Valid values are
SINGLE_HEADER, SINGLE_QUERY_ARGUMENT, ALL_QUERY_ARGUMENTS, BODY, QUERY_STRING, METHOD or URI_PATH. (Required)
- name
- The name of the field to match. Only required if
match-type set to SINGLE_HEADER or SINGLE_QUERY_ARGUMENT.
- comparison-operator
- The comparison operator for the size specified. Valid values are
EQ, NE, LE, LT, GE or GT. (Required)
- text-transformation set subresource
Text transformation configuration on the data provided before doing the check. Maximum allowed items are 3.
- priority
- The priority of the text transformation. (Required)
- type
- The type of the text transformation. Valid values are
NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE or URL_DECODE. (Required)
- size
- The size in byte for the constraint to work on. (Required)
- sqli-match-statement subresource
- Sql Injection statement configuration.
- xss-match-statement subresource
Xss match statement configuration.
- field-to-match subresource
The field setting to match the condition. (Required)
- match-type
- The field match type. Valid values are
SINGLE_HEADER, SINGLE_QUERY_ARGUMENT, ALL_QUERY_ARGUMENTS, BODY, QUERY_STRING, METHOD or URI_PATH. (Required)
- name
- The name of the field to match. Only required if
match-type set to SINGLE_HEADER or SINGLE_QUERY_ARGUMENT.
- text-transformation set subresource
Text transformation configuration on the data provided before doing the check. Maximum allowed items are 3.
- priority
- The priority of the text transformation. (Required)
- type
- The type of the text transformation. Valid values are
NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE or URL_DECODE. (Required)
- rate-based-statement subresource
Rate based statement configuration.
- aggregate-key-type
- The aggregate key type for the rate based statement. Defaults to
IP. Currently the only supported value is IP.
- limit
- The rate limit for the rate based statement. Minimum allowed value is
100. (Required)
- scope-down-statement
- The statement resource associated with the rate based statement.
- managed-rule-group-statement subresource
Managed rule group statement configuration.
- excluded-rules set
- A set of rule names to be excluded that are part of the associated managed rule group.
- name
- The name of the managed rule group. (Required)
- vendor-name
- The vendor name of the managed rule group. (Required)
- rule-group-reference-statement subresource
Rule group reference statement configuration.
- rule-group
- A rule group resource to reference with. (Required)
- excluded-rules set
- A set of rule names to be excluded that are part of the referenced rule group resource.
|
| logging-configuration subresource |
The logging configuration for the web acl.
- redacted-field set subresource
The set of field match setting to take out of logging.
- match-type
- The field match type. Valid values are
SINGLE_HEADER, SINGLE_QUERY_ARGUMENT, ALL_QUERY_ARGUMENTS, BODY, QUERY_STRING, METHOD or URI_PATH. (Required)
- name
- The name of the field to match. Only required if
match-type set to SINGLE_HEADER or SINGLE_QUERY_ARGUMENT.
- log-destination-configs set
- A set of arn of AWS Kinesis Data Firehouse to associate with the web acl.
|