Class CfnWebACL.RuleProperty
A single rule, which you can use in a WebACL
or RuleGroup
to identify web requests that you want to allow, block, or count.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.AWS.WAFv2.dll
Syntax (csharp)
public class RuleProperty : Object, CfnWebACL.IRuleProperty
Syntax (vb)
Public Class RuleProperty
Inherits Object
Implements CfnWebACL.IRuleProperty
Remarks
Each rule includes one top-level Statement
that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var all;
var allQueryArguments;
var count;
var method;
var none;
var queryString;
var singleHeader;
var singleQueryArgument;
StatementProperty statementProperty_;
var uriPath;
var ruleProperty = new RuleProperty {
Name = "name",
Priority = 123,
Statement = new StatementProperty {
AndStatement = new AndStatementProperty {
Statements = new [] { statementProperty_ }
},
ByteMatchStatement = new ByteMatchStatementProperty {
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
PositionalConstraint = "positionalConstraint",
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} },
// the properties below are optional
SearchString = "searchString",
SearchStringBase64 = "searchStringBase64"
},
GeoMatchStatement = new GeoMatchStatementProperty {
CountryCodes = new [] { "countryCodes" },
ForwardedIpConfig = new ForwardedIPConfigurationProperty {
FallbackBehavior = "fallbackBehavior",
HeaderName = "headerName"
}
},
IpSetReferenceStatement = new Dictionary<string, object> {
{ "arn", "arn" },
// the properties below are optional
{ "ipSetForwardedIpConfig", new Dictionary<string, string> {
{ "fallbackBehavior", "fallbackBehavior" },
{ "headerName", "headerName" },
{ "position", "position" }
} }
},
LabelMatchStatement = new LabelMatchStatementProperty {
Key = "key",
Scope = "scope"
},
ManagedRuleGroupStatement = new ManagedRuleGroupStatementProperty {
Name = "name",
VendorName = "vendorName",
// the properties below are optional
ExcludedRules = new [] { new ExcludedRuleProperty {
Name = "name"
} },
ManagedRuleGroupConfigs = new [] { new ManagedRuleGroupConfigProperty {
AwsManagedRulesAtpRuleSet = new AWSManagedRulesATPRuleSetProperty {
LoginPath = "loginPath",
// the properties below are optional
RequestInspection = new RequestInspectionProperty {
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
},
ResponseInspection = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
}
},
AwsManagedRulesBotControlRuleSet = new AWSManagedRulesBotControlRuleSetProperty {
InspectionLevel = "inspectionLevel"
},
LoginPath = "loginPath",
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
} },
RuleActionOverrides = new [] { new RuleActionOverrideProperty {
ActionToUse = new RuleActionProperty {
Allow = new AllowActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Block = new BlockActionProperty {
CustomResponse = new CustomResponseProperty {
ResponseCode = 123,
// the properties below are optional
CustomResponseBodyKey = "customResponseBodyKey",
ResponseHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Captcha = new CaptchaActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Challenge = new ChallengeActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Count = new CountActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
}
},
Name = "name"
} },
ScopeDownStatement = statementProperty_,
Version = "version"
},
NotStatement = new NotStatementProperty {
Statement = statementProperty_
},
OrStatement = new OrStatementProperty {
Statements = new [] { statementProperty_ }
},
RateBasedStatement = new RateBasedStatementProperty {
AggregateKeyType = "aggregateKeyType",
Limit = 123,
// the properties below are optional
ForwardedIpConfig = new ForwardedIPConfigurationProperty {
FallbackBehavior = "fallbackBehavior",
HeaderName = "headerName"
},
ScopeDownStatement = statementProperty_
},
RegexMatchStatement = new RegexMatchStatementProperty {
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
RegexString = "regexString",
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
},
RegexPatternSetReferenceStatement = new RegexPatternSetReferenceStatementProperty {
Arn = "arn",
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
},
RuleGroupReferenceStatement = new RuleGroupReferenceStatementProperty {
Arn = "arn",
// the properties below are optional
ExcludedRules = new [] { new ExcludedRuleProperty {
Name = "name"
} },
RuleActionOverrides = new [] { new RuleActionOverrideProperty {
ActionToUse = new RuleActionProperty {
Allow = new AllowActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Block = new BlockActionProperty {
CustomResponse = new CustomResponseProperty {
ResponseCode = 123,
// the properties below are optional
CustomResponseBodyKey = "customResponseBodyKey",
ResponseHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Captcha = new CaptchaActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Challenge = new ChallengeActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Count = new CountActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
}
},
Name = "name"
} }
},
SizeConstraintStatement = new SizeConstraintStatementProperty {
ComparisonOperator = "comparisonOperator",
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
Size = 123,
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
},
SqliMatchStatement = new SqliMatchStatementProperty {
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} },
// the properties below are optional
SensitivityLevel = "sensitivityLevel"
},
XssMatchStatement = new XssMatchStatementProperty {
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
}
},
VisibilityConfig = new VisibilityConfigProperty {
CloudWatchMetricsEnabled = false,
MetricName = "metricName",
SampledRequestsEnabled = false
},
// the properties below are optional
Action = new RuleActionProperty {
Allow = new AllowActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Block = new BlockActionProperty {
CustomResponse = new CustomResponseProperty {
ResponseCode = 123,
// the properties below are optional
CustomResponseBodyKey = "customResponseBodyKey",
ResponseHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Captcha = new CaptchaActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Challenge = new ChallengeActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
},
Count = new CountActionProperty {
CustomRequestHandling = new CustomRequestHandlingProperty {
InsertHeaders = new [] { new CustomHTTPHeaderProperty {
Name = "name",
Value = "value"
} }
}
}
},
CaptchaConfig = new CaptchaConfigProperty {
ImmunityTimeProperty = new ImmunityTimePropertyProperty {
ImmunityTime = 123
}
},
ChallengeConfig = new ChallengeConfigProperty {
ImmunityTimeProperty = new ImmunityTimePropertyProperty {
ImmunityTime = 123
}
},
OverrideAction = new OverrideActionProperty {
Count = count,
None = none
},
RuleLabels = new [] { new LabelProperty {
Name = "name"
} }
};
Synopsis
Constructors
RuleProperty() |
Properties
Action | The action that AWS WAF should take on a web request when it matches the rule's statement. |
CaptchaConfig | Specifies how AWS WAF should handle |
ChallengeConfig | Specifies how AWS WAF should handle |
Name | The name of the rule. |
OverrideAction | The override action to apply to the rules in a rule group, instead of the individual rule action settings. |
Priority | If you define more than one |
RuleLabels | Labels to apply to web requests that match the rule match statement. |
Statement | The AWS WAF processing statement for the rule, for example |
VisibilityConfig | Defines and enables Amazon CloudWatch metrics and web request sample collection. |
Constructors
RuleProperty()
public RuleProperty()
Properties
Action
The action that AWS WAF should take on a web request when it matches the rule's statement.
public object Action { get; set; }
Property Value
System.Object
Remarks
Settings at the web ACL level can override the rule action setting.
This is used only for rules whose statements don't reference a rule group. Rule statements that reference a rule group are RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
You must set either this Action
setting or the rule's OverrideAction
, but not both:
CaptchaConfig
Specifies how AWS WAF should handle CAPTCHA
evaluations.
public object CaptchaConfig { get; set; }
Property Value
System.Object
Remarks
If you don't specify this, AWS WAF uses the CAPTCHA
configuration that's defined for the web ACL.
ChallengeConfig
Specifies how AWS WAF should handle Challenge
evaluations.
public object ChallengeConfig { get; set; }
Property Value
System.Object
Remarks
If you don't specify this, AWS WAF uses the challenge configuration that's defined for the web ACL.
Name
The name of the rule.
public string Name { get; set; }
Property Value
System.String
Remarks
You can't change the name of a Rule
after you create it.
OverrideAction
The override action to apply to the rules in a rule group, instead of the individual rule action settings.
public object OverrideAction { get; set; }
Property Value
System.Object
Remarks
This is used only for rules whose statements reference a rule group. Rule statements that reference a rule group are RuleGroupReferenceStatement
and ManagedRuleGroupStatement
.
Set the override action to none to leave the rule group rule actions in effect. Set it to count to only count matches, regardless of the rule action settings.
You must set either this OverrideAction
setting or the Action
setting, but not both:
Priority
If you define more than one Rule
in a WebACL
, AWS WAF evaluates each request against the Rules
in order based on the value of Priority
.
public double Priority { get; set; }
Property Value
System.Double
Remarks
AWS WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.
RuleLabels
Labels to apply to web requests that match the rule match statement.
public object RuleLabels { get; set; }
Property Value
System.Object
Remarks
AWS WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.
Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement
.
For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:
For example, myLabelName
or nameSpace1:nameSpace2:myLabelName
.
Statement
The AWS WAF processing statement for the rule, for example ByteMatchStatement
or SizeConstraintStatement
.
public object Statement { get; set; }
Property Value
System.Object
Remarks
VisibilityConfig
Defines and enables Amazon CloudWatch metrics and web request sample collection.
public object VisibilityConfig { get; set; }
Property Value
System.Object