This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
AWS::WAF::SqlInjectionMatchSet
Note
Amazon WAF Classic support will end on September 30, 2025.
This is Amazon WAF Classic documentation. For more information, see Amazon WAF Classic in the developer guide.
For the latest version of Amazon WAF, use the Amazon WAFV2 API and see the Amazon WAF Developer Guide. With the latest version, Amazon WAF has a single set of endpoints for regional and global use.
A complex type that contains SqlInjectionMatchTuple objects, which specify the parts of web requests that you
want Amazon WAF to inspect for snippets of malicious SQL code and, if you want Amazon WAF to inspect a header, the name of the header. If a
SqlInjectionMatchSet contains more than one SqlInjectionMatchTuple object, a request needs to
include snippets of SQL code in only one of the specified parts of the request to be considered a match.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::WAF::SqlInjectionMatchSet", "Properties" : { "Name" :String, "SqlInjectionMatchTuples" :[ SqlInjectionMatchTuple, ... ]} }
YAML
Type: AWS::WAF::SqlInjectionMatchSet Properties: Name:StringSqlInjectionMatchTuples:- SqlInjectionMatchTuple
Properties
Name-
The name, if any, of the
SqlInjectionMatchSet.Required: Yes
Type: String
Pattern:
.*\S.*Minimum:
1Maximum:
128Update requires: Replacement
SqlInjectionMatchTuples-
Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.
Required: No
Type: Array of SqlInjectionMatchTuple
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Examples
Find SQL Injections
The following example looks for snippets of SQL code in the query string of an HTTP request.
JSON
"SqlInjDetection": { "Type": "AWS::WAF::SqlInjectionMatchSet", "Properties": { "Name": "Find SQL injections in the query string", "SqlInjectionMatchTuples": [ { "FieldToMatch" : { "Type": "QUERY_STRING" }, "TextTransformation" : "URL_DECODE" } ] } }
YAML
SqlInjDetection: Type: "AWS::WAF::SqlInjectionMatchSet" Properties: Name: "Find SQL injections in the query string" SqlInjectionMatchTuples: - FieldToMatch: Type: "QUERY_STRING" TextTransformation: "URL_DECODE"
Associate a SQL Injection Match Set with a Web ACL Rule
The following example associates the SqlInjDetection match set with a
web access control list (ACL) rule.
JSON
"SqlInjRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "SqlInjRule", "MetricName" : "SqlInjRule", "Predicates": [ { "DataId" : { "Ref" : "SqlInjDetection" }, "Negated" : false, "Type" : "SqlInjectionMatch" } ] } }
YAML
SqlInjRule: Type: "AWS::WAF::Rule" Properties: Name: "SqlInjRule" MetricName: "SqlInjRule" Predicates: - DataId: Ref: "SqlInjDetection" Negated: false Type: "SqlInjectionMatch"
Create a Web ACL
The following example associates the SqlInjRule rule with a web ACL. The
web ACL allows all requests except for ones with SQL code in the query string of a
request.
JSON
"MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "Web ACL to block SQL injection in the query string", "DefaultAction": { "Type": "ALLOW" }, "MetricName" : "SqlInjWebACL", "Rules": [ { "Action" : { "Type" : "BLOCK" }, "Priority" : 1, "RuleId" : { "Ref" : "SqlInjRule" } } ] } }
YAML
MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "Web ACL to block SQL injection in the query string" DefaultAction: Type: "ALLOW" MetricName: "SqlInjWebACL" Rules: - Action: Type: "BLOCK" Priority: 1 RuleId: Ref: "SqlInjRule"