AWS::WAFv2::RuleGroup CaptchaAction - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::WAFv2::RuleGroup CaptchaAction

Specifies that Amazon WAF should run a CAPTCHA check against the request:

  • If the request includes a valid, unexpired CAPTCHA token, Amazon WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.

  • If the request doesn't include a valid, unexpired token, Amazon WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.

    Amazon WAF generates a response that it sends back to the client, which includes the following:

    • The header x-amzn-waf-action with a value of captcha.

    • The HTTP status code 405 Method Not Allowed.

    • If the request contains an Accept header with a value of text/html, the response includes a CAPTCHA JavaScript page interstitial.

You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.

This action option is available for rules. It isn't available for web ACL default actions.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

Properties

CustomRequestHandling

Defines custom handling for the web request, used when the CAPTCHA inspection determines that the request's token is valid and unexpired.

For information about customizing web requests and responses, see Customizing web requests and responses in Amazon WAF in the Amazon WAF Developer Guide.

Required: No

Type: CustomRequestHandling

Update requires: No interruption