All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: CfnWebACL.FieldToMatchProperty.Jsii$Proxy

Enclosing class:: CfnWebACL

@Stability(Stable) public static interface CfnWebACL.FieldToMatchProperty extends software.amazon.jsii.JsiiSerializable

Specifies a web request component to be used in a rule match statement or in a logging configuration.

In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.

Example JSON for a QueryString field to match:

"FieldToMatch": { "QueryString": {} }

Example JSON for a Method field to match specification:

"FieldToMatch": { "Method": { "Name": "DELETE" } }

In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:
Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath , QueryString , SingleHeader , and Method .
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.wafv2.*;
 Object all;
 Object allQueryArguments;
 Object method;
 Object queryString;
 Object singleHeader;
 Object singleQueryArgument;
 Object uriPath;
 FieldToMatchProperty fieldToMatchProperty = FieldToMatchProperty.builder()
         .allQueryArguments(allQueryArguments)
         .body(BodyProperty.builder()
                 .oversizeHandling("oversizeHandling")
                 .build())
         .cookies(CookiesProperty.builder()
                 .matchPattern(CookieMatchPatternProperty.builder()
                         .all(all)
                         .excludedCookies(List.of("excludedCookies"))
                         .includedCookies(List.of("includedCookies"))
                         .build())
                 .matchScope("matchScope")
                 .oversizeHandling("oversizeHandling")
                 .build())
         .headers(HeadersProperty.builder()
                 .matchPattern(HeaderMatchPatternProperty.builder()
                         .all(all)
                         .excludedHeaders(List.of("excludedHeaders"))
                         .includedHeaders(List.of("includedHeaders"))
                         .build())
                 .matchScope("matchScope")
                 .oversizeHandling("oversizeHandling")
                 .build())
         .ja3Fingerprint(JA3FingerprintProperty.builder()
                 .fallbackBehavior("fallbackBehavior")
                 .build())
         .jsonBody(JsonBodyProperty.builder()
                 .matchPattern(JsonMatchPatternProperty.builder()
                         .all(all)
                         .includedPaths(List.of("includedPaths"))
                         .build())
                 .matchScope("matchScope")
                 // the properties below are optional
                 .invalidFallbackBehavior("invalidFallbackBehavior")
                 .oversizeHandling("oversizeHandling")
                 .build())
         .method(method)
         .queryString(queryString)
         .singleHeader(singleHeader)
         .singleQueryArgument(singleQueryArgument)
         .uriPath(uriPath)
         .build();

See Also:

Nested Class Summary

Nested Classes

Modifier and Type

Interface

Description

static final class

CfnWebACL.FieldToMatchProperty.Builder

A builder for CfnWebACL.FieldToMatchProperty

static final class

CfnWebACL.FieldToMatchProperty.Jsii$Proxy

An implementation for CfnWebACL.FieldToMatchProperty
Method Summary

Modifier and Type

Method

Description

static CfnWebACL.FieldToMatchProperty.Builder

builder()

default Object

getAllQueryArguments()

Inspect all query arguments.

default Object

getBody()

Inspect the request body as plain text.

default Object

getCookies()

Inspect the request cookies.

default Object

getHeaders()

Inspect the request headers.

default Object

getJa3Fingerprint()

Match against the request's JA3 fingerprint.

default Object

getJsonBody()

Inspect the request body as JSON.

default Object

getMethod()

Inspect the HTTP method.

default Object

getQueryString()

Inspect the query string.

default Object

getSingleHeader()

Inspect a single header.

default Object

getSingleQueryArgument()

Inspect a single query argument.

default Object

getUriPath()

Inspect the request URI path.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Method Details
- getAllQueryArguments
  
  @Stability(Stable) @Nullable default Object getAllQueryArguments()
  
  Inspect all query arguments.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-allqueryarguments
- getBody
  
  @Stability(Stable) @Nullable default Object getBody()
  Inspect the request body as plain text.
  The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
  AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
  
  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
  
  For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig , for additional processing fees.
  
  For information about how to handle oversized request bodies, see the Body object configuration.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-body
- getCookies
  
  @Stability(Stable) @Nullable default Object getCookies()
  
  Inspect the request cookies.
  You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that AWS WAF inspects.
  Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-cookies
- getHeaders
  
  @Stability(Stable) @Nullable default Object getHeaders()
  
  Inspect the request headers.
  You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that AWS WAF inspects.
  Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-headers
- getJa3Fingerprint
  
  @Stability(Stable) @Nullable default Object getJa3Fingerprint()
  
  Match against the request's JA3 fingerprint.
  The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
  
  You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY .
  
  You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .
  Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-ja3fingerprint
- getJsonBody
  
  @Stability(Stable) @Nullable default Object getJsonBody()
  Inspect the request body as JSON.
  The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
  AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
  
  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
  
  For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig , for additional processing fees.
  
  For information about how to handle oversized request bodies, see the JsonBody object configuration.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-jsonbody
- getMethod
  
  @Stability(Stable) @Nullable default Object getMethod()
  
  Inspect the HTTP method.
  The method indicates the type of operation that the request is asking the origin to perform.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-method
- getQueryString
  
  @Stability(Stable) @Nullable default Object getQueryString()
  
  Inspect the query string.
  This is the part of a URL that appears after a ? character, if any.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-querystring
- getSingleHeader
  
  @Stability(Stable) @Nullable default Object getSingleHeader()
  
  Inspect a single header.
  Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn't case sensitive.
  Example JSON: "SingleHeader": { "Name": "haystack" }
  Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-singleheader
- getSingleQueryArgument
  
  @Stability(Stable) @Nullable default Object getSingleQueryArgument()
  
  Inspect a single query argument.
  Provide the name of the query argument to inspect, such as UserName or SalesRegion . The name can be up to 30 characters long and isn't case sensitive.
  Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-singlequeryargument
- getUriPath
  
  @Stability(Stable) @Nullable default Object getUriPath()
  
  Inspect the request URI path.
  This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-uripath
- builder
  
  @Stability(Stable) static CfnWebACL.FieldToMatchProperty.Builder builder()
  
  Returns:
  
  a CfnWebACL.FieldToMatchProperty.Builder of CfnWebACL.FieldToMatchProperty

Interface CfnWebACL.FieldToMatchProperty

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Details

getAllQueryArguments

getBody

getCookies

getHeaders

getJa3Fingerprint

getJsonBody

getMethod

getQueryString

getSingleHeader

getSingleQueryArgument

getUriPath

builder