This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::WAFv2::WebACL RuleAction The action that Amazon WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting. ## Syntax To declare this entity in your Amazon CloudFormation template, use the following syntax: ### JSON ``` { "[Allow](#cfn-wafv2-webacl-ruleaction-allow)" : AllowAction, "[Block](#cfn-wafv2-webacl-ruleaction-block)" : BlockAction, "[Captcha](#cfn-wafv2-webacl-ruleaction-captcha)" : CaptchaAction, "[Challenge](#cfn-wafv2-webacl-ruleaction-challenge)" : ChallengeAction, "[Count](#cfn-wafv2-webacl-ruleaction-count)" : CountAction } ``` ### YAML ``` [Allow](#cfn-wafv2-webacl-ruleaction-allow): AllowAction [Block](#cfn-wafv2-webacl-ruleaction-block): BlockAction [Captcha](#cfn-wafv2-webacl-ruleaction-captcha): CaptchaAction [Challenge](#cfn-wafv2-webacl-ruleaction-challenge): ChallengeAction [Count](#cfn-wafv2-webacl-ruleaction-count): CountAction ``` ## Properties `Allow` Instructs Amazon WAF to allow the web request. *Required*: No *Type*: [AllowAction](aws-properties-wafv2-webacl-allowaction.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Block` Instructs Amazon WAF to block the web request. *Required*: No *Type*: [BlockAction](aws-properties-wafv2-webacl-blockaction.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Captcha` Specifies that Amazon WAF should run a `CAPTCHA` check against the request: + If the request includes a valid, unexpired `CAPTCHA` token, Amazon WAF allows the web request inspection to proceed to the next rule, similar to a `CountAction`. + If the request doesn't include a valid, unexpired `CAPTCHA` token, Amazon WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. Amazon WAF generates a response that it sends back to the client, which includes the following: + The header `x-amzn-waf-action` with a value of `captcha`. + The HTTP status code `405 Method Not Allowed`. + If the request contains an `Accept` header with a value of `text/html`, the response includes a `CAPTCHA` challenge. You can configure the expiration time in the `CaptchaConfig``ImmunityTimeProperty` setting at the rule and web ACL level. The rule setting overrides the web ACL setting. This action option is available for rules. It isn't available for web ACL default actions. *Required*: No *Type*: [CaptchaAction](aws-properties-wafv2-webacl-captchaaction.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Challenge` Instructs Amazon WAF to run a `Challenge` check against the web request. *Required*: No *Type*: [ChallengeAction](aws-properties-wafv2-webacl-challengeaction.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Count` Instructs Amazon WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL. *Required*: No *Type*: [CountAction](aws-properties-wafv2-webacl-countaction.md) *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)