Class FieldToMatch
- All Implemented Interfaces:
Serializable
,SdkPojo
,ToCopyableBuilder<FieldToMatch.Builder,
FieldToMatch>
Specifies a web request component to be used in a rule match statement or in a logging configuration.
-
In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single
FieldToMatch
type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component inFieldToMatch
for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.Example JSON for a
QueryString
field to match:"FieldToMatch": { "QueryString": {} }
Example JSON for a
Method
field to match specification:"FieldToMatch": { "Method": { "Name": "DELETE" } }
-
In a logging configuration, this is used in the
RedactedFields
property to specify a field to redact from the logging records. For this use case, note the following:-
Even though all
FieldToMatch
settings are available, the only valid settings for field redaction areUriPath
,QueryString
,SingleHeader
, andMethod
. -
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
-
- See Also:
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal AllQueryArguments
Inspect all query arguments.final Body
body()
Inspect the request body as plain text.static FieldToMatch.Builder
builder()
final Cookies
cookies()
Inspect the request cookies.final boolean
final boolean
equalsBySdkFields
(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final <T> Optional
<T> getValueForField
(String fieldName, Class<T> clazz) final int
hashCode()
final HeaderOrder
Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection.final Headers
headers()
Inspect the request headers.final JA3Fingerprint
Match against the request's JA3 fingerprint.final JsonBody
jsonBody()
Inspect the request body as JSON.final Method
method()
Inspect the HTTP method.final QueryString
Inspect the query string.static Class
<? extends FieldToMatch.Builder> final SingleHeader
Inspect a single header.final SingleQueryArgument
Inspect a single query argument.Take this object and create a builder that contains all of the current property values of this object.final String
toString()
Returns a string representation of this object.final UriPath
uriPath()
Inspect the request URI path.Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
singleHeader
Inspect a single header. Provide the name of the header to inspect, for example,
User-Agent
orReferer
. This setting isn't case sensitive.Example JSON:
"SingleHeader": { "Name": "haystack" }
Alternately, you can filter and inspect all headers with the
Headers
FieldToMatch
setting.- Returns:
- Inspect a single header. Provide the name of the header to inspect, for example,
User-Agent
orReferer
. This setting isn't case sensitive.Example JSON:
"SingleHeader": { "Name": "haystack" }
Alternately, you can filter and inspect all headers with the
Headers
FieldToMatch
setting.
-
singleQueryArgument
Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Example JSON:
"SingleQueryArgument": { "Name": "myArgument" }
- Returns:
- Inspect a single query argument. Provide the name of the query argument to inspect, such as
UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Example JSON:
"SingleQueryArgument": { "Name": "myArgument" }
-
allQueryArguments
Inspect all query arguments.
- Returns:
- Inspect all query arguments.
-
uriPath
Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
/images/daily-ad.jpg
.- Returns:
- Inspect the request URI path. This is the part of the web request that identifies a resource, for
example,
/images/daily-ad.jpg
.
-
queryString
Inspect the query string. This is the part of a URL that appears after a
?
character, if any.- Returns:
- Inspect the query string. This is the part of a URL that appears after a
?
character, if any.
-
body
Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
-
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
-
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the
Body
object configuration.- Returns:
- Inspect the request body as plain text. The request body immediately follows the request headers. This is
the part of a request that contains any additional data that you want to send to your web server as the
HTTP request body, such as data from a form.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
-
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
-
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the
Body
object configuration. -
-
-
method
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Returns:
- Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
-
jsonBody
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
-
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
-
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the
JsonBody
object configuration.- Returns:
- Inspect the request body as JSON. The request body immediately follows the request headers. This is the
part of a request that contains any additional data that you want to send to your web server as the HTTP
request body, such as data from a form.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
-
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
-
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the
JsonBody
object configuration. -
-
-
headers
Inspect the request headers. You must configure scope and pattern matching filters in the
Headers
object, to define the set of headers to and the parts of the headers that WAF inspects.Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the
Headers
object. WAF applies the pattern matching filters to the headers that it receives from the underlying host service.- Returns:
- Inspect the request headers. You must configure scope and pattern matching filters in the
Headers
object, to define the set of headers to and the parts of the headers that WAF inspects.Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the
Headers
object. WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
-
cookies
Inspect the request cookies. You must configure scope and pattern matching filters in the
Cookies
object, to define the set of cookies and the parts of the cookies that WAF inspects.Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
Cookies
object. WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.- Returns:
- Inspect the request cookies. You must configure scope and pattern matching filters in the
Cookies
object, to define the set of cookies and the parts of the cookies that WAF inspects.Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
Cookies
object. WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
-
headerOrder
Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using colons and no added spaces, for example
host:user-agent:accept:authorization:referer
.- Returns:
- Inspect a string containing the list of the request's header names, ordered as they appear in the web
request that WAF receives for inspection. WAF generates the string and then uses that as the field to
match component in its inspection. WAF separates the header names in the string using colons and no added
spaces, for example
host:user-agent:accept:authorization:referer
.
-
ja3Fingerprint
Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match
ByteMatchStatement
with thePositionalConstraint
set toEXACTLY
.You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
- Returns:
- Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the
TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's
TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client
Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match
ByteMatchStatement
with thePositionalConstraint
set toEXACTLY
.You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
-
toBuilder
Description copied from interface:ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilder
in interfaceToCopyableBuilder<FieldToMatch.Builder,
FieldToMatch> - Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode() -
equals
-
equalsBySdkFields
Description copied from interface:SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojo
class, and is generated based on a service model.If an
SdkPojo
class does not have any inherited fields,equalsBySdkFields
andequals
are essentially the same.- Specified by:
equalsBySdkFields
in interfaceSdkPojo
- Parameters:
obj
- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value. -
getValueForField
-
sdkFields
-