# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::WAFV2 module Types # Information for a single API key. # # API keys are required for the integration of the CAPTCHA API in your # JavaScript client applications. The API lets you customize the # placement and characteristics of the CAPTCHA puzzle for your end # users. For more information about the CAPTCHA JavaScript integration, # see [WAF client application integration][1] in the *WAF Developer # Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html # # @!attribute [rw] token_domains # The token domains that are defined in this API key. # @return [Array] # # @!attribute [rw] api_key # The generated, encrypted API key. You can copy this for use in your # JavaScript CAPTCHA integration. # @return [String] # # @!attribute [rw] creation_timestamp # The date and time that the key was created. # @return [Time] # # @!attribute [rw] version # Internal value used by WAF to manage the key. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/APIKeySummary AWS API Documentation # class APIKeySummary < Struct.new( :token_domains, :api_key, :creation_timestamp, :version) SENSITIVE = [] include Aws::Structure end # Details for your use of the account creation fraud prevention managed # rule group, `AWSManagedRulesACFPRuleSet`. This configuration is used # in `ManagedRuleGroupConfig`. # # @!attribute [rw] creation_path # The path of the account creation endpoint for your application. This # is the page on your website that accepts the completed registration # form for a new user. This page must accept `POST` requests. # # For example, for the URL `https://example.com/web/newaccount`, you # would provide the path `/web/newaccount`. Account creation page # paths that start with the path that you provide are considered a # match. For example `/web/newaccount` matches the account creation # paths `/web/newaccount`, `/web/newaccount/`, `/web/newaccountPage`, # and `/web/newaccount/thisPage`, but doesn't match the path # `/home/web/newaccount` or `/website/newaccount`. # @return [String] # # @!attribute [rw] registration_page_path # The path of the account registration endpoint for your application. # This is the page on your website that presents the registration form # to new users. # # This page must accept `GET` text/html requests. # # # # For example, for the URL `https://example.com/web/registration`, you # would provide the path `/web/registration`. Registration page paths # that start with the path that you provide are considered a match. # For example `/web/registration` matches the registration paths # `/web/registration`, `/web/registration/`, `/web/registrationPage`, # and `/web/registration/thisPage`, but doesn't match the path # `/home/web/registration` or `/website/registration`. # @return [String] # # @!attribute [rw] request_inspection # The criteria for inspecting account creation requests, used by the # ACFP rule group to validate and track account creation attempts. # @return [Types::RequestInspectionACFP] # # @!attribute [rw] response_inspection # The criteria for inspecting responses to account creation requests, # used by the ACFP rule group to track account creation success rates. # # Response inspection is available only in web ACLs that protect # Amazon CloudFront distributions. # # # # The ACFP rule group evaluates the responses that your protected # resources send back to client account creation attempts, keeping # count of successful and failed attempts from each IP address and # client session. Using this information, the rule group labels and # mitigates requests from client sessions and IP addresses that have # had too many successful account creation attempts in a short amount # of time. # @return [Types::ResponseInspection] # # @!attribute [rw] enable_regex_in_path # Allow the use of regular expressions in the registration page path # and the account creation path. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesACFPRuleSet AWS API Documentation # class AWSManagedRulesACFPRuleSet < Struct.new( :creation_path, :registration_page_path, :request_inspection, :response_inspection, :enable_regex_in_path) SENSITIVE = [] include Aws::Structure end # Details for your use of the account takeover prevention managed rule # group, `AWSManagedRulesATPRuleSet`. This configuration is used in # `ManagedRuleGroupConfig`. # # @!attribute [rw] login_path # The path of the login endpoint for your application. For example, # for the URL `https://example.com/web/login`, you would provide the # path `/web/login`. Login paths that start with the path that you # provide are considered a match. For example `/web/login` matches the # login paths `/web/login`, `/web/login/`, `/web/loginPage`, and # `/web/login/thisPage`, but doesn't match the login path # `/home/web/login` or `/website/login`. # # The rule group inspects only HTTP `POST` requests to your specified # login endpoint. # @return [String] # # @!attribute [rw] request_inspection # The criteria for inspecting login requests, used by the ATP rule # group to validate credentials usage. # @return [Types::RequestInspection] # # @!attribute [rw] response_inspection # The criteria for inspecting responses to login requests, used by the # ATP rule group to track login failure rates. # # Response inspection is available only in web ACLs that protect # Amazon CloudFront distributions. # # # # The ATP rule group evaluates the responses that your protected # resources send back to client login attempts, keeping count of # successful and failed attempts for each IP address and client # session. Using this information, the rule group labels and mitigates # requests from client sessions and IP addresses that have had too # many failed login attempts in a short amount of time. # @return [Types::ResponseInspection] # # @!attribute [rw] enable_regex_in_path # Allow the use of regular expressions in the login page path. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesATPRuleSet AWS API Documentation # class AWSManagedRulesATPRuleSet < Struct.new( :login_path, :request_inspection, :response_inspection, :enable_regex_in_path) SENSITIVE = [] include Aws::Structure end # Details for your use of the Bot Control managed rule group, # `AWSManagedRulesBotControlRuleSet`. This configuration is used in # `ManagedRuleGroupConfig`. # # @!attribute [rw] inspection_level # The inspection level to use for the Bot Control rule group. The # common level is the least expensive. The targeted level includes all # common level rules and adds rules with more advanced inspection # criteria. For details, see [WAF Bot Control rule group][1] in the # *WAF Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html # @return [String] # # @!attribute [rw] enable_machine_learning # Applies only to the targeted inspection level. # # Determines whether to use machine learning (ML) to analyze your web # traffic for bot-related activity. Machine learning is required for # the Bot Control rules `TGT_ML_CoordinatedActivityLow` and # `TGT_ML_CoordinatedActivityMedium`, which inspect for anomalous # behavior that might indicate distributed, coordinated bot activity. # # For more information about this choice, see the listing for these # rules in the table at [Bot Control rules listing][1] in the *WAF # Developer Guide*. # # Default: `TRUE` # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html#aws-managed-rule-groups-bot-rules # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesBotControlRuleSet AWS API Documentation # class AWSManagedRulesBotControlRuleSet < Struct.new( :inspection_level, :enable_machine_learning) SENSITIVE = [] include Aws::Structure end # A single action condition for a Condition in a logging filter. # # @!attribute [rw] action # The action setting that a log record must contain in order to meet # the condition. This is the action that WAF applied to the web # request. # # For rule groups, this is either the configured rule action setting, # or if you've applied a rule action override to the rule, it's the # override action. The value `EXCLUDED_AS_COUNT` matches on excluded # rules and also on rules that have a rule action override of Count. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ActionCondition AWS API Documentation # class ActionCondition < Struct.new( :action) SENSITIVE = [] include Aws::Structure end # The name of a field in the request payload that contains part or all # of your customer's primary physical address. # # This data type is used in the `RequestInspectionACFP` data type. # # @!attribute [rw] identifier # The name of a single primary address field. # # How you specify the address fields depends on the request inspection # payload type. # # * For JSON payloads, specify the field identifiers in JSON pointer # syntax. For information about the JSON Pointer syntax, see the # Internet Engineering Task Force (IETF) documentation [JavaScript # Object Notation (JSON) Pointer][1]. # # For example, for the JSON payload `\{ "form": \{ # "primaryaddressline1": "THE_ADDRESS1", "primaryaddressline2": # "THE_ADDRESS2", "primaryaddressline3": "THE_ADDRESS3" \} \}`, the # address field idenfiers are `/form/primaryaddressline1`, # `/form/primaryaddressline2`, and `/form/primaryaddressline3`. # # * For form encoded payload types, use the HTML form names. # # For example, for an HTML form with input elements named # `primaryaddressline1`, `primaryaddressline2`, and # `primaryaddressline3`, the address fields identifiers are # `primaryaddressline1`, `primaryaddressline2`, and # `primaryaddressline3`. # # # # [1]: https://tools.ietf.org/html/rfc6901 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AddressField AWS API Documentation # class AddressField < Struct.new( :identifier) SENSITIVE = [] include Aws::Structure end # Inspect all of the elements that WAF has parsed and extracted from the # web request component that you've identified in your FieldToMatch # specifications. # # This is used in the FieldToMatch specification for some web request # component types. # # JSON specification: `"All": \{\}` # # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation # class All < Aws::EmptyStructure; end # Inspect all query arguments of the web request. # # This is used in the FieldToMatch specification for some web request # component types. # # JSON specification: `"AllQueryArguments": \{\}` # # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation # class AllQueryArguments < Aws::EmptyStructure; end # Specifies that WAF should allow the request and optionally defines # additional custom handling for the request. # # This is used in the context of other settings, for example to specify # values for RuleAction and web ACL DefaultAction. # # @!attribute [rw] custom_request_handling # Defines custom handling for the web request. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # @return [Types::CustomRequestHandling] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllowAction AWS API Documentation # class AllowAction < Struct.new( :custom_request_handling) SENSITIVE = [] include Aws::Structure end # A logical rule statement used to combine other rule statements with # AND logic. You provide more than one Statement within the # `AndStatement`. # # @!attribute [rw] statements # The statements to combine with AND logic. You can use any statements # that can be nested. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AndStatement AWS API Documentation # class AndStatement < Struct.new( :statements) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] web_acl_arn # The Amazon Resource Name (ARN) of the web ACL that you want to # associate with the resource. # @return [String] # # @!attribute [rw] resource_arn # The Amazon Resource Name (ARN) of the resource to associate with the # web ACL. # # The ARN must be in one of the following formats: # # * For an Application Load Balancer: # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id # ` # # * For an Amazon API Gateway REST API: # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name # ` # # * For an AppSync GraphQL API: # `arn:partition:appsync:region:account-id:apis/GraphQLApiId ` # # * For an Amazon Cognito user pool: # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id # ` # # * For an App Runner service: # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id # ` # # * For an Amazon Web Services Verified Access instance: # `arn:partition:ec2:region:account-id:verified-access-instance/instance-id # ` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociateWebACLRequest AWS API Documentation # class AssociateWebACLRequest < Struct.new( :web_acl_arn, :resource_arn) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociateWebACLResponse AWS API Documentation # class AssociateWebACLResponse < Aws::EmptyStructure; end # Specifies custom configurations for the associations between the web # ACL and protected resources. # # Use this to customize the maximum size of the request body that your # protected CloudFront distributions forward to WAF for inspection. The # default is 16 KB (16,384 bytes). # # You are charged additional fees when your protected resources forward # body sizes that are larger than the default. For more information, see # [WAF Pricing][1]. # # # # # # [1]: http://aws.amazon.com/waf/pricing/ # # @!attribute [rw] request_body # Customizes the maximum size of the request body that your protected # CloudFront distributions forward to WAF for inspection. The default # size is 16 KB (16,384 bytes). # # You are charged additional fees when your protected resources # forward body sizes that are larger than the default. For more # information, see [WAF Pricing][1]. # # # # # # [1]: http://aws.amazon.com/waf/pricing/ # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociationConfig AWS API Documentation # class AssociationConfig < Struct.new( :request_body) SENSITIVE = [] include Aws::Structure end # Specifies that WAF should block the request and optionally defines # additional custom handling for the response to the web request. # # This is used in the context of other settings, for example to specify # values for RuleAction and web ACL DefaultAction. # # @!attribute [rw] custom_response # Defines a custom response for the web request. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # @return [Types::CustomResponse] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/BlockAction AWS API Documentation # class BlockAction < Struct.new( :custom_response) SENSITIVE = [] include Aws::Structure end # Inspect the body of the web request. The body immediately follows the # request headers. # # This is used to indicate the web request component to inspect, in the # FieldToMatch specification. # # @!attribute [rw] oversize_handling # What WAF should do if the body is larger than WAF can inspect. WAF # does not support inspecting the entire contents of the web request # body if the body exceeds the limit for the resource type. If the # body is larger than the limit, the underlying host service only # forwards the contents that are below the limit to WAF for # inspection. # # The default limit is 8 KB (8,192 bytes) for regional resources and # 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront # distributions, you can increase the limit in the web ACL # `AssociationConfig`, for additional processing fees. # # The options for oversize handling are the following: # # * `CONTINUE` - Inspect the available body contents normally, # according to the rule inspection criteria. # # * `MATCH` - Treat the web request as matching the rule statement. # WAF applies the rule action to the request. # # * `NO_MATCH` - Treat the web request as not matching the rule # statement. # # You can combine the `MATCH` or `NO_MATCH` settings for oversize # handling with your rule and web ACL action settings, so that you # block any request whose body is over the limit. # # Default: `CONTINUE` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation # class Body < Struct.new( :oversize_handling) SENSITIVE = [] include Aws::Structure end # A rule statement that defines a string match search for WAF to apply # to web requests. The byte match statement provides the bytes to search # for, the location in requests that you want WAF to search, and other # settings. The bytes to search for are typically a string that # corresponds with ASCII characters. In the WAF console and the # developer guide, this is called a string match statement. # # @!attribute [rw] search_string # A string value that you want WAF to search for. WAF searches only in # the part of web requests that you designate for inspection in # FieldToMatch. The maximum length of the value is 200 bytes. # # Valid values depend on the component that you specify for inspection # in `FieldToMatch`: # # * `Method`: The HTTP method that you want WAF to search for. This # indicates the type of operation specified in the request. # # * `UriPath`: The value that you want WAF to search for in the URI # path, for example, `/images/daily-ad.jpg`. # # * `JA3Fingerprint`: Match against the request's JA3 fingerprint. # The JA3 fingerprint is a 32-character hash derived from the TLS # Client Hello of an incoming request. This fingerprint serves as a # unique identifier for the client's TLS configuration. You can use # this choice only with a string match `ByteMatchStatement` with the # `PositionalConstraint` set to `EXACTLY`. # # You can obtain the JA3 fingerprint for client requests from the # web ACL logs. If WAF is able to calculate the fingerprint, it # includes it in the logs. For information about the logging fields, # see [Log fields][1] in the *WAF Developer Guide*. # # * `HeaderOrder`: The comma-separated list of header names to match # for. WAF creates a string that contains the ordered list of header # names, from the headers in the web request, and then matches # against that string. # # If `SearchString` includes alphabetic characters A-Z and a-z, note # that the value is case sensitive. # # **If you're using the WAF API** # # Specify a base64-encoded version of the value. The maximum length of # the value before you base64-encode it is 200 bytes. # # For example, suppose the value of `Type` is `HEADER` and the value # of `Data` is `User-Agent`. If you want to search the `User-Agent` # header for the value `BadBot`, you base64-encode `BadBot` using MIME # base64-encoding and include the resulting value, `QmFkQm90`, in the # value of `SearchString`. # # **If you're using the CLI or one of the Amazon Web Services SDKs** # # The value that you want WAF to search for. The SDK automatically # base64 encodes the value. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html # @return [String] # # @!attribute [rw] field_to_match # The part of the web request that you want WAF to inspect. # @return [Types::FieldToMatch] # # @!attribute [rw] text_transformations # Text transformations eliminate some of the unusual formatting that # attackers use in web requests in an effort to bypass detection. Text # transformations are used in rule match statements, to transform the # `FieldToMatch` request component before inspecting it, and they're # used in rate-based rule statements, to transform request components # before using them as custom aggregation keys. If you specify one or # more transformations to apply, WAF performs all transformations on # the specified content, starting from the lowest priority setting, # and then uses the transformed component contents. # @return [Array] # # @!attribute [rw] positional_constraint # The area within the portion of the web request that you want WAF to # search for `SearchString`. Valid values include the following: # # **CONTAINS** # # The specified part of the web request must include the value of # `SearchString`, but the location doesn't matter. # # **CONTAINS\_WORD** # # The specified part of the web request must include the value of # `SearchString`, and `SearchString` must contain only alphanumeric # characters or underscore (A-Z, a-z, 0-9, or \_). In addition, # `SearchString` must be a word, which means that both of the # following are true: # # * `SearchString` is at the beginning of the specified part of the # web request or is preceded by a character other than an # alphanumeric character or underscore (\_). Examples include the # value of a header and `;BadBot`. # # * `SearchString` is at the end of the specified part of the web # request or is followed by a character other than an alphanumeric # character or underscore (\_), for example, `BadBot;` and # `-BadBot;`. # # **EXACTLY** # # The value of the specified part of the web request must exactly # match the value of `SearchString`. # # **STARTS\_WITH** # # The value of `SearchString` must appear at the beginning of the # specified part of the web request. # # **ENDS\_WITH** # # The value of `SearchString` must appear at the end of the specified # part of the web request. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ByteMatchStatement AWS API Documentation # class ByteMatchStatement < Struct.new( :search_string, :field_to_match, :text_transformations, :positional_constraint) SENSITIVE = [] include Aws::Structure end # Specifies that WAF should run a `CAPTCHA` check against the request: # # * If the request includes a valid, unexpired `CAPTCHA` token, WAF # applies any custom request handling and labels that you've # configured and then allows the web request inspection to proceed to # the next rule, similar to a `CountAction`. # # * If the request doesn't include a valid, unexpired token, WAF # discontinues the web ACL evaluation of the request and blocks it # from going to its intended destination. # # WAF generates a response that it sends back to the client, which # includes the following: # # * The header `x-amzn-waf-action` with a value of `captcha`. # # * The HTTP status code `405 Method Not Allowed`. # # * If the request contains an `Accept` header with a value of # `text/html`, the response includes a `CAPTCHA` JavaScript page # interstitial. # # You can configure the expiration time in the `CaptchaConfig` # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule # setting overrides the web ACL setting. # # This action option is available for rules. It isn't available for web # ACL default actions. # # @!attribute [rw] custom_request_handling # Defines custom handling for the web request, used when the `CAPTCHA` # inspection determines that the request's token is valid and # unexpired. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # @return [Types::CustomRequestHandling] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation # class CaptchaAction < Struct.new( :custom_request_handling) SENSITIVE = [] include Aws::Structure end # Specifies how WAF should handle `CAPTCHA` evaluations. This is # available at the web ACL level and in each rule. # # @!attribute [rw] immunity_time_property # Determines how long a `CAPTCHA` timestamp in the token remains valid # after the client successfully solves a `CAPTCHA` puzzle. # @return [Types::ImmunityTimeProperty] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaConfig AWS API Documentation # class CaptchaConfig < Struct.new( :immunity_time_property) SENSITIVE = [] include Aws::Structure end # The result from the inspection of the web request for a valid # `CAPTCHA` token. # # @!attribute [rw] response_code # The HTTP response code indicating the status of the `CAPTCHA` token # in the web request. If the token is missing, invalid, or expired, # this code is `405 Method Not Allowed`. # @return [Integer] # # @!attribute [rw] solve_timestamp # The time that the `CAPTCHA` was last solved for the supplied token. # @return [Integer] # # @!attribute [rw] failure_reason # The reason for failure, populated when the evaluation of the token # fails. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaResponse AWS API Documentation # class CaptchaResponse < Struct.new( :response_code, :solve_timestamp, :failure_reason) SENSITIVE = [] include Aws::Structure end # Specifies that WAF should run a `Challenge` check against the request # to verify that the request is coming from a legitimate client session: # # * If the request includes a valid, unexpired challenge token, WAF # applies any custom request handling and labels that you've # configured and then allows the web request inspection to proceed to # the next rule, similar to a `CountAction`. # # * If the request doesn't include a valid, unexpired challenge token, # WAF discontinues the web ACL evaluation of the request and blocks it # from going to its intended destination. # # WAF then generates a challenge response that it sends back to the # client, which includes the following: # # * The header `x-amzn-waf-action` with a value of `challenge`. # # * The HTTP status code `202 Request Accepted`. # # * If the request contains an `Accept` header with a value of # `text/html`, the response includes a JavaScript page interstitial # with a challenge script. # # Challenges run silent browser interrogations in the background, and # don't generally affect the end user experience. # # A challenge enforces token acquisition using an interstitial # JavaScript challenge that inspects the client session for legitimate # behavior. The challenge blocks bots or at least increases the cost # of operating sophisticated bots. # # After the client session successfully responds to the challenge, it # receives a new token from WAF, which the challenge script uses to # resubmit the original request. # # You can configure the expiration time in the `ChallengeConfig` # `ImmunityTimeProperty` setting at the rule and web ACL level. The rule # setting overrides the web ACL setting. # # This action option is available for rules. It isn't available for web # ACL default actions. # # @!attribute [rw] custom_request_handling # Defines custom handling for the web request, used when the challenge # inspection determines that the request's token is valid and # unexpired. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # @return [Types::CustomRequestHandling] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation # class ChallengeAction < Struct.new( :custom_request_handling) SENSITIVE = [] include Aws::Structure end # Specifies how WAF should handle `Challenge` evaluations. This is # available at the web ACL level and in each rule. # # @!attribute [rw] immunity_time_property # Determines how long a challenge timestamp in the token remains valid # after the client successfully responds to a challenge. # @return [Types::ImmunityTimeProperty] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeConfig AWS API Documentation # class ChallengeConfig < Struct.new( :immunity_time_property) SENSITIVE = [] include Aws::Structure end # The result from the inspection of the web request for a valid # challenge token. # # @!attribute [rw] response_code # The HTTP response code indicating the status of the challenge token # in the web request. If the token is missing, invalid, or expired, # this code is `202 Request Accepted`. # @return [Integer] # # @!attribute [rw] solve_timestamp # The time that the challenge was last solved for the supplied token. # @return [Integer] # # @!attribute [rw] failure_reason # The reason for failure, populated when the evaluation of the token # fails. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeResponse AWS API Documentation # class ChallengeResponse < Struct.new( :response_code, :solve_timestamp, :failure_reason) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] rules # An array of Rule that you're configuring to use in a rule group or # web ACL. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CheckCapacityRequest AWS API Documentation # class CheckCapacityRequest < Struct.new( :scope, :rules) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] capacity # The capacity required by the rules and scope. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CheckCapacityResponse AWS API Documentation # class CheckCapacityResponse < Struct.new( :capacity) SENSITIVE = [] include Aws::Structure end # A single match condition for a Filter. # # @!attribute [rw] action_condition # A single action condition. This is the action setting that a log # record must contain in order to meet the condition. # @return [Types::ActionCondition] # # @!attribute [rw] label_name_condition # A single label name condition. This is the fully qualified label # name that a log record must contain in order to meet the condition. # Fully qualified labels have a prefix, optional namespaces, and label # name. The prefix identifies the rule group or web ACL context of the # rule that added the label. # @return [Types::LabelNameCondition] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Condition AWS API Documentation # class Condition < Struct.new( :action_condition, :label_name_condition) SENSITIVE = [] include Aws::Structure end # The filter to use to identify the subset of cookies to inspect in a # web request. # # You must specify exactly one setting: either `All`, `IncludedCookies`, # or `ExcludedCookies`. # # Example JSON: `"MatchPattern": \{ "IncludedCookies": [ # "session-id-time", "session-id" ] \}` # # @!attribute [rw] all # Inspect all cookies. # @return [Types::All] # # @!attribute [rw] included_cookies # Inspect only the cookies that have a key that matches one of the # strings specified here. # @return [Array] # # @!attribute [rw] excluded_cookies # Inspect only the cookies whose keys don't match any of the strings # specified here. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CookieMatchPattern AWS API Documentation # class CookieMatchPattern < Struct.new( :all, :included_cookies, :excluded_cookies) SENSITIVE = [] include Aws::Structure end # Inspect the cookies in the web request. You can specify the parts of # the cookies to inspect and you can narrow the set of cookies to # inspect by including or excluding specific keys. # # This is used to indicate the web request component to inspect, in the # FieldToMatch specification. # # Example JSON: `"Cookies": \{ "MatchPattern": \{ "All": \{\} \}, # "MatchScope": "KEY", "OversizeHandling": "MATCH" \}` # # @!attribute [rw] match_pattern # The filter to use to identify the subset of cookies to inspect in a # web request. # # You must specify exactly one setting: either `All`, # `IncludedCookies`, or `ExcludedCookies`. # # Example JSON: `"MatchPattern": \{ "IncludedCookies": [ # "session-id-time", "session-id" ] \}` # @return [Types::CookieMatchPattern] # # @!attribute [rw] match_scope # The parts of the cookies to inspect with the rule inspection # criteria. If you specify `All`, WAF inspects both keys and values. # @return [String] # # @!attribute [rw] oversize_handling # What WAF should do if the cookies of the request are more numerous # or larger than WAF can inspect. WAF does not support inspecting the # entire contents of request cookies when they exceed 8 KB (8192 # bytes) or 200 total cookies. The underlying host service forwards a # maximum of 200 cookies and at most 8 KB of cookie contents to WAF. # # The options for oversize handling are the following: # # * `CONTINUE` - Inspect the available cookies normally, according to # the rule inspection criteria. # # * `MATCH` - Treat the web request as matching the rule statement. # WAF applies the rule action to the request. # # * `NO_MATCH` - Treat the web request as not matching the rule # statement. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Cookies AWS API Documentation # class Cookies < Struct.new( :match_pattern, :match_scope, :oversize_handling) SENSITIVE = [] include Aws::Structure end # Specifies that WAF should count the request. Optionally defines # additional custom handling for the request. # # This is used in the context of other settings, for example to specify # values for RuleAction and web ACL DefaultAction. # # @!attribute [rw] custom_request_handling # Defines custom handling for the web request. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # @return [Types::CustomRequestHandling] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CountAction AWS API Documentation # class CountAction < Struct.new( :custom_request_handling) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] token_domains # The client application domains that you want to use this API key # for. # # Example JSON: `"TokenDomains": ["abc.com", "store.abc.com"]` # # Public suffixes aren't allowed. For example, you can't use # `usa.gov` or `co.uk` as token domains. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKeyRequest AWS API Documentation # class CreateAPIKeyRequest < Struct.new( :scope, :token_domains) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] api_key # The generated, encrypted API key. You can copy this for use in your # JavaScript CAPTCHA integration. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKeyResponse AWS API Documentation # class CreateAPIKeyResponse < Struct.new( :api_key) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the IP set. You cannot change the name of an `IPSet` # after you create it. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] description # A description of the IP set that helps with identification. # @return [String] # # @!attribute [rw] ip_address_version # The version of the IP addresses, either `IPV4` or `IPV6`. # @return [String] # # @!attribute [rw] addresses # Contains an array of strings that specifies zero or more IP # addresses or blocks of IP addresses that you want WAF to inspect for # in incoming requests. All addresses must be specified using # Classless Inter-Domain Routing (CIDR) notation. WAF supports all # IPv4 and IPv6 CIDR ranges except for `/0`. # # Example address strings: # # * For requests that originated from the IP address 192.0.2.44, # specify `192.0.2.44/32`. # # * For requests that originated from IP addresses from 192.0.2.0 to # 192.0.2.255, specify `192.0.2.0/24`. # # * For requests that originated from the IP address # 1111:0000:0000:0000:0000:0000:0000:0111, specify # `1111:0000:0000:0000:0000:0000:0000:0111/128`. # # * For requests that originated from IP addresses # 1111:0000:0000:0000:0000:0000:0000:0000 to # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify # `1111:0000:0000:0000:0000:0000:0000:0000/64`. # # For more information about CIDR notation, see the Wikipedia entry # [Classless Inter-Domain Routing][1]. # # Example JSON `Addresses` specifications: # # * Empty array: `"Addresses": []` # # * Array with one address: `"Addresses": ["192.0.2.44/32"]` # # * Array with three addresses: `"Addresses": ["192.0.2.44/32", # "192.0.2.0/24", "192.0.0.0/16"]` # # * INVALID specification: `"Addresses": [""]` INVALID # # # # [1]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing # @return [Array] # # @!attribute [rw] tags # An array of key:value pairs to associate with the resource. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateIPSetRequest AWS API Documentation # class CreateIPSetRequest < Struct.new( :name, :scope, :description, :ip_address_version, :addresses, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] summary # High-level information about an IPSet, returned by operations like # create and list. This provides information like the ID, that you can # use to retrieve and manage an `IPSet`, and the ARN, that you provide # to the IPSetReferenceStatement to use the address set in a Rule. # @return [Types::IPSetSummary] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateIPSetResponse AWS API Documentation # class CreateIPSetResponse < Struct.new( :summary) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the set. You cannot change the name after you create the # set. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] description # A description of the set that helps with identification. # @return [String] # # @!attribute [rw] regular_expression_list # Array of regular expression strings. # @return [Array] # # @!attribute [rw] tags # An array of key:value pairs to associate with the resource. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRegexPatternSetRequest AWS API Documentation # class CreateRegexPatternSetRequest < Struct.new( :name, :scope, :description, :regular_expression_list, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] summary # High-level information about a RegexPatternSet, returned by # operations like create and list. This provides information like the # ID, that you can use to retrieve and manage a `RegexPatternSet`, and # the ARN, that you provide to the RegexPatternSetReferenceStatement # to use the pattern set in a Rule. # @return [Types::RegexPatternSetSummary] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRegexPatternSetResponse AWS API Documentation # class CreateRegexPatternSetResponse < Struct.new( :summary) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the rule group. You cannot change the name of a rule # group after you create it. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] capacity # The web ACL capacity units (WCUs) required for this rule group. # # When you create your own rule group, you define this, and you cannot # change it after creation. When you add or modify the rules in a rule # group, WAF enforces this limit. You can check the capacity for a set # of rules using CheckCapacity. # # WAF uses WCUs to calculate and control the operating resources that # are used to run your rules, rule groups, and web ACLs. WAF # calculates capacity differently for each rule type, to reflect the # relative cost of each rule. Simple rules that cost little to run use # fewer WCUs than more complex rules that use more processing power. # Rule group capacity is fixed at creation, which helps users plan # their web ACL WCU usage when they use a rule group. For more # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html # @return [Integer] # # @!attribute [rw] description # A description of the rule group that helps with identification. # @return [String] # # @!attribute [rw] rules # The Rule statements used to identify the web requests that you want # to manage. Each rule includes one top-level statement that WAF uses # to identify matching web requests, and parameters that govern how # WAF handles them. # @return [Array] # # @!attribute [rw] visibility_config # Defines and enables Amazon CloudWatch metrics and web request sample # collection. # @return [Types::VisibilityConfig] # # @!attribute [rw] tags # An array of key:value pairs to associate with the resource. # @return [Array] # # @!attribute [rw] custom_response_bodies # A map of custom response keys and content bodies. When you create a # rule with a block action, you can send a custom response to the web # request. You define these for the rule group, and then use them in # the rules that you define in the rule group. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # For information about the limits on count and size for custom # request and response settings, see [WAF quotas][2] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupRequest AWS API Documentation # class CreateRuleGroupRequest < Struct.new( :name, :scope, :capacity, :description, :rules, :visibility_config, :tags, :custom_response_bodies) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] summary # High-level information about a RuleGroup, returned by operations # like create and list. This provides information like the ID, that # you can use to retrieve and manage a `RuleGroup`, and the ARN, that # you provide to the RuleGroupReferenceStatement to use the rule group # in a Rule. # @return [Types::RuleGroupSummary] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupResponse AWS API Documentation # class CreateRuleGroupResponse < Struct.new( :summary) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the web ACL. You cannot change the name of a web ACL # after you create it. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] default_action # The action to perform if none of the `Rules` contained in the # `WebACL` match. # @return [Types::DefaultAction] # # @!attribute [rw] description # A description of the web ACL that helps with identification. # @return [String] # # @!attribute [rw] rules # The Rule statements used to identify the web requests that you want # to manage. Each rule includes one top-level statement that WAF uses # to identify matching web requests, and parameters that govern how # WAF handles them. # @return [Array] # # @!attribute [rw] visibility_config # Defines and enables Amazon CloudWatch metrics and web request sample # collection. # @return [Types::VisibilityConfig] # # @!attribute [rw] tags # An array of key:value pairs to associate with the resource. # @return [Array] # # @!attribute [rw] custom_response_bodies # A map of custom response keys and content bodies. When you create a # rule with a block action, you can send a custom response to the web # request. You define these for the web ACL, and then use them in the # rules and default actions that you define in the web ACL. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # For information about the limits on count and size for custom # request and response settings, see [WAF quotas][2] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html # @return [Hash] # # @!attribute [rw] captcha_config # Specifies how WAF should handle `CAPTCHA` evaluations for rules that # don't have their own `CaptchaConfig` settings. If you don't # specify this, WAF uses its default settings for `CaptchaConfig`. # @return [Types::CaptchaConfig] # # @!attribute [rw] challenge_config # Specifies how WAF should handle challenge evaluations for rules that # don't have their own `ChallengeConfig` settings. If you don't # specify this, WAF uses its default settings for `ChallengeConfig`. # @return [Types::ChallengeConfig] # # @!attribute [rw] token_domains # Specifies the domains that WAF should accept in a web request token. # This enables the use of tokens across multiple protected websites. # When WAF provides a token, it uses the domain of the Amazon Web # Services resource that the web ACL is protecting. If you don't # specify a list of token domains, WAF accepts tokens only for the # domain of the protected resource. With a token domain list, WAF # accepts the resource's host domain plus all domains in the token # domain list, including their prefixed subdomains. # # Example JSON: `"TokenDomains": \{ "mywebsite.com", # "myotherwebsite.com" \}` # # Public suffixes aren't allowed. For example, you can't use # `usa.gov` or `co.uk` as token domains. # @return [Array] # # @!attribute [rw] association_config # Specifies custom configurations for the associations between the web # ACL and protected resources. # # Use this to customize the maximum size of the request body that your # protected CloudFront distributions forward to WAF for inspection. # The default is 16 KB (16,384 bytes). # # You are charged additional fees when your protected resources # forward body sizes that are larger than the default. For more # information, see [WAF Pricing][1]. # # # # # # [1]: http://aws.amazon.com/waf/pricing/ # @return [Types::AssociationConfig] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation # class CreateWebACLRequest < Struct.new( :name, :scope, :default_action, :description, :rules, :visibility_config, :tags, :custom_response_bodies, :captcha_config, :challenge_config, :token_domains, :association_config) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] summary # High-level information about a WebACL, returned by operations like # create and list. This provides information like the ID, that you can # use to retrieve and manage a `WebACL`, and the ARN, that you provide # to operations like AssociateWebACL. # @return [Types::WebACLSummary] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLResponse AWS API Documentation # class CreateWebACLResponse < Struct.new( :summary) SENSITIVE = [] include Aws::Structure end # A custom header for custom request and response handling. This is used # in CustomResponse and CustomRequestHandling. # # @!attribute [rw] name # The name of the custom header. # # For custom request header insertion, when WAF inserts the header # into the request, it prefixes this name `x-amzn-waf-`, to avoid # confusion with the headers that are already in the request. For # example, for the header name `sample`, WAF inserts the header # `x-amzn-waf-sample`. # @return [String] # # @!attribute [rw] value # The value of the custom header. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomHTTPHeader AWS API Documentation # class CustomHTTPHeader < Struct.new( :name, :value) SENSITIVE = [] include Aws::Structure end # Custom request handling behavior that inserts custom headers into a # web request. You can add custom request handling for WAF to use when # the rule action doesn't block the request. For example, # `CaptchaAction` for requests with valid t okens, and `AllowAction`. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # # @!attribute [rw] insert_headers # The HTTP headers to insert into the request. Duplicate header names # are not allowed. # # For information about the limits on count and size for custom # request and response settings, see [WAF quotas][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomRequestHandling AWS API Documentation # class CustomRequestHandling < Struct.new( :insert_headers) SENSITIVE = [] include Aws::Structure end # A custom response to send to the client. You can define a custom # response for rule actions and default web ACL actions that are set to # BlockAction. # # For information about customizing web requests and responses, see # [Customizing web requests and responses in WAF][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html # # @!attribute [rw] response_code # The HTTP status code to return to the client. # # For a list of status codes that you can use in your custom # responses, see [Supported status codes for custom response][1] in # the *WAF Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html # @return [Integer] # # @!attribute [rw] custom_response_body_key # References the response body that you want WAF to return to the web # request client. You can define a custom response for a rule action # or a default web ACL action that is set to block. To do this, you # first define the response body key and value in the # `CustomResponseBodies` setting for the WebACL or RuleGroup where you # want to use it. Then, in the rule action or web ACL default action # `BlockAction` setting, you reference the response body using this # key. # @return [String] # # @!attribute [rw] response_headers # The HTTP headers to use in the response. You can specify any header # name except for `content-type`. Duplicate header names are not # allowed. # # For information about the limits on count and size for custom # request and response settings, see [WAF quotas][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponse AWS API Documentation # class CustomResponse < Struct.new( :response_code, :custom_response_body_key, :response_headers) SENSITIVE = [] include Aws::Structure end # The response body to use in a custom response to a web request. This # is referenced by key from CustomResponse `CustomResponseBodyKey`. # # @!attribute [rw] content_type # The type of content in the payload that you are defining in the # `Content` string. # @return [String] # # @!attribute [rw] content # The payload of the custom response. # # You can use JSON escape strings in JSON content. To do this, you # must specify JSON content in the `ContentType` setting. # # For information about the limits on count and size for custom # request and response settings, see [WAF quotas][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponseBody AWS API Documentation # class CustomResponseBody < Struct.new( :content_type, :content) SENSITIVE = [] include Aws::Structure end # In a WebACL, this is the action that you want WAF to perform when a # web request doesn't match any of the rules in the `WebACL`. The # default action must be a terminating action. # # @!attribute [rw] block # Specifies that WAF should block requests by default. # @return [Types::BlockAction] # # @!attribute [rw] allow # Specifies that WAF should allow requests by default. # @return [Types::AllowAction] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DefaultAction AWS API Documentation # class DefaultAction < Struct.new( :block, :allow) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] web_acl_arn # The Amazon Resource Name (ARN) of the web ACL. # @return [String] # # @!attribute [rw] web_acl_lock_token # A token used for optimistic locking. WAF returns a token to your # `get` and `list` requests, to mark the state of the entity at the # time of the request. To make changes to the entity associated with # the token, you provide the token to operations like `update` and # `delete`. WAF uses the token to ensure that no changes have been # made to the entity since you last retrieved it. If a change has been # made, the update fails with a `WAFOptimisticLockException`. If this # happens, perform another `get`, and use the new token returned by # that operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsRequest AWS API Documentation # class DeleteFirewallManagerRuleGroupsRequest < Struct.new( :web_acl_arn, :web_acl_lock_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] next_web_acl_lock_token # A token used for optimistic locking. WAF returns a token to your # `get` and `list` requests, to mark the state of the entity at the # time of the request. To make changes to the entity associated with # the token, you provide the token to operations like `update` and # `delete`. WAF uses the token to ensure that no changes have been # made to the entity since you last retrieved it. If a change has been # made, the update fails with a `WAFOptimisticLockException`. If this # happens, perform another `get`, and use the new token returned by # that operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsResponse AWS API Documentation # class DeleteFirewallManagerRuleGroupsResponse < Struct.new( :next_web_acl_lock_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the IP set. You cannot change the name of an `IPSet` # after you create it. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] id # A unique identifier for the set. This ID is returned in the # responses to create and list commands. You provide it to operations # like update and delete. # @return [String] # # @!attribute [rw] lock_token # A token used for optimistic locking. WAF returns a token to your # `get` and `list` requests, to mark the state of the entity at the # time of the request. To make changes to the entity associated with # the token, you provide the token to operations like `update` and # `delete`. WAF uses the token to ensure that no changes have been # made to the entity since you last retrieved it. If a change has been # made, the update fails with a `WAFOptimisticLockException`. If this # happens, perform another `get`, and use the new token returned by # that operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteIPSetRequest AWS API Documentation # class DeleteIPSetRequest < Struct.new( :name, :scope, :id, :lock_token) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteIPSetResponse AWS API Documentation # class DeleteIPSetResponse < Aws::EmptyStructure; end # @!attribute [rw] resource_arn # The Amazon Resource Name (ARN) of the web ACL from which you want to # delete the LoggingConfiguration. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteLoggingConfigurationRequest AWS API Documentation # class DeleteLoggingConfigurationRequest < Struct.new( :resource_arn) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteLoggingConfigurationResponse AWS API Documentation # class DeleteLoggingConfigurationResponse < Aws::EmptyStructure; end # @!attribute [rw] resource_arn # The Amazon Resource Name (ARN) of the rule group from which you want # to delete the policy. # # You must be the owner of the rule group to perform this operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeletePermissionPolicyRequest AWS API Documentation # class DeletePermissionPolicyRequest < Struct.new( :resource_arn) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeletePermissionPolicyResponse AWS API Documentation # class DeletePermissionPolicyResponse < Aws::EmptyStructure; end # @!attribute [rw] name # The name of the set. You cannot change the name after you create the # set. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] id # A unique identifier for the set. This ID is returned in the # responses to create and list commands. You provide it to operations # like update and delete. # @return [String] # # @!attribute [rw] lock_token # A token used for optimistic locking. WAF returns a token to your # `get` and `list` requests, to mark the state of the entity at the # time of the request. To make changes to the entity associated with # the token, you provide the token to operations like `update` and # `delete`. WAF uses the token to ensure that no changes have been # made to the entity since you last retrieved it. If a change has been # made, the update fails with a `WAFOptimisticLockException`. If this # happens, perform another `get`, and use the new token returned by # that operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRegexPatternSetRequest AWS API Documentation # class DeleteRegexPatternSetRequest < Struct.new( :name, :scope, :id, :lock_token) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRegexPatternSetResponse AWS API Documentation # class DeleteRegexPatternSetResponse < Aws::EmptyStructure; end # @!attribute [rw] name # The name of the rule group. You cannot change the name of a rule # group after you create it. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] id # A unique identifier for the rule group. This ID is returned in the # responses to create and list commands. You provide it to operations # like update and delete. # @return [String] # # @!attribute [rw] lock_token # A token used for optimistic locking. WAF returns a token to your # `get` and `list` requests, to mark the state of the entity at the # time of the request. To make changes to the entity associated with # the token, you provide the token to operations like `update` and # `delete`. WAF uses the token to ensure that no changes have been # made to the entity since you last retrieved it. If a change has been # made, the update fails with a `WAFOptimisticLockException`. If this # happens, perform another `get`, and use the new token returned by # that operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRuleGroupRequest AWS API Documentation # class DeleteRuleGroupRequest < Struct.new( :name, :scope, :id, :lock_token) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRuleGroupResponse AWS API Documentation # class DeleteRuleGroupResponse < Aws::EmptyStructure; end # @!attribute [rw] name # The name of the web ACL. You cannot change the name of a web ACL # after you create it. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] id # The unique identifier for the web ACL. This ID is returned in the # responses to create and list commands. You provide it to operations # like update and delete. # @return [String] # # @!attribute [rw] lock_token # A token used for optimistic locking. WAF returns a token to your # `get` and `list` requests, to mark the state of the entity at the # time of the request. To make changes to the entity associated with # the token, you provide the token to operations like `update` and # `delete`. WAF uses the token to ensure that no changes have been # made to the entity since you last retrieved it. If a change has been # made, the update fails with a `WAFOptimisticLockException`. If this # happens, perform another `get`, and use the new token returned by # that operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteWebACLRequest AWS API Documentation # class DeleteWebACLRequest < Struct.new( :name, :scope, :id, :lock_token) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteWebACLResponse AWS API Documentation # class DeleteWebACLResponse < Aws::EmptyStructure; end # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeAllManagedProductsRequest AWS API Documentation # class DescribeAllManagedProductsRequest < Struct.new( :scope) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] managed_products # High-level information for the Amazon Web Services Managed Rules # rule groups and Amazon Web Services Marketplace managed rule groups. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeAllManagedProductsResponse AWS API Documentation # class DescribeAllManagedProductsResponse < Struct.new( :managed_products) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] vendor_name # The name of the managed rule group vendor. You use this, along with # the rule group name, to identify a rule group. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedProductsByVendorRequest AWS API Documentation # class DescribeManagedProductsByVendorRequest < Struct.new( :vendor_name, :scope) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] managed_products # High-level information for the managed rule groups owned by the # specified vendor. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedProductsByVendorResponse AWS API Documentation # class DescribeManagedProductsByVendorResponse < Struct.new( :managed_products) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] vendor_name # The name of the managed rule group vendor. You use this, along with # the rule group name, to identify a rule group. # @return [String] # # @!attribute [rw] name # The name of the managed rule group. You use this, along with the # vendor name, to identify the rule group. # @return [String] # # @!attribute [rw] scope # Specifies whether this is for an Amazon CloudFront distribution or # for a regional application. A regional application can be an # Application Load Balancer (ALB), an Amazon API Gateway REST API, an # AppSync GraphQL API, an Amazon Cognito user pool, an App Runner # service, or an Amazon Web Services Verified Access instance. # # To work with CloudFront, you must also specify the Region US East # (N. Virginia) as follows: # # * CLI - Specify the Region when you use the CloudFront scope: # `--scope=CLOUDFRONT --region=us-east-1`. # # * API and SDKs - For all calls, use the Region endpoint us-east-1. # @return [String] # # @!attribute [rw] version_name # The version of the rule group. You can only use a version that is # not scheduled for expiration. If you don't provide this, WAF uses # the vendor's default version. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupRequest AWS API Documentation # class DescribeManagedRuleGroupRequest < Struct.new( :vendor_name, :name, :scope, :version_name) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] version_name # The managed rule group's version. # @return [String] # # @!attribute [rw] sns_topic_arn # The Amazon resource name (ARN) of the Amazon Simple Notification # Service SNS topic that's used to provide notification of changes to # the managed rule group. You can subscribe to the SNS topic to # receive notifications when the managed rule group is modified, such # as for new versions and for version expiration. For more # information, see the [Amazon Simple Notification Service Developer # Guide][1]. # # # # [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html # @return [String] # # @!attribute [rw] capacity # The web ACL capacity units (WCUs) required for this rule group. # # WAF uses WCUs to calculate and control the operating resources that # are used to run your rules, rule groups, and web ACLs. WAF # calculates capacity differently for each rule type, to reflect the # relative cost of each rule. Simple rules that cost little to run use # fewer WCUs than more complex rules that use more processing power. # Rule group capacity is fixed at creation, which helps users plan # their web ACL WCU usage when they use a rule group. For more # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF # Developer Guide*. # # # # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html # @return [Integer] # # @!attribute [rw] rules # @return [Array] # # @!attribute [rw] label_namespace # The label namespace prefix for this rule group. All labels added by # rules in this rule group have this prefix. # # * The syntax for the label namespace prefix for a managed rule group # is the following: # # `awswaf:managed::`: # # * When a rule with a label matches a web request, WAF adds the fully # qualified label to the request. A fully qualified label is made up # of the label namespace from the rule group or web ACL where the # rule is defined and the label from the rule, separated by a colon: # # `