Class CfnWebACL.SizeConstraintStatementProperty
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<).
Inheritance
Implements
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.AWS.WAFv2.dll
Syntax (csharp)
public class SizeConstraintStatementProperty : Object, CfnWebACL.ISizeConstraintStatementProperty
Syntax (vb)
Public Class SizeConstraintStatementProperty
Inherits Object
Implements CfnWebACL.ISizeConstraintStatementProperty
Remarks
For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig
, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg
is nine characters long.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var all;
var allQueryArguments;
var method;
var queryString;
var singleHeader;
var singleQueryArgument;
var uriPath;
var sizeConstraintStatementProperty = new SizeConstraintStatementProperty {
ComparisonOperator = "comparisonOperator",
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriPath = uriPath
},
Size = 123,
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
};
Synopsis
Constructors
SizeConstraintStatementProperty() |
Properties
ComparisonOperator | The operator to use to compare the request part to the size setting. |
FieldToMatch | The part of the web request that you want AWS WAF to inspect. |
Size | The size, in byte, to compare to the request part, after any transformations. |
TextTransformations | Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. |
Constructors
SizeConstraintStatementProperty()
public SizeConstraintStatementProperty()
Properties
ComparisonOperator
The operator to use to compare the request part to the size setting.
public string ComparisonOperator { get; set; }
Property Value
System.String
Remarks
FieldToMatch
The part of the web request that you want AWS WAF to inspect.
public object FieldToMatch { get; set; }
Property Value
System.Object
Remarks
Size
The size, in byte, to compare to the request part, after any transformations.
public double Size { get; set; }
Property Value
System.Double
Remarks
TextTransformations
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
public object TextTransformations { get; set; }
Property Value
System.Object
Remarks
If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by FieldToMatch
, starting from the lowest priority setting, before inspecting the content for a match.