ForwardedIPConfig - Amazon WAFV2
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ForwardedIPConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

Note

If the specified header isn't present in the request, Amazon WAF doesn't apply the rule to the web request at all.

This configuration is used for GeoMatchStatement and RateBasedStatement. For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.

Amazon WAF only evaluates the first IP address found in the specified HTTP header.

Contents

FallbackBehavior

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.

Note

If the specified header isn't present in the request, Amazon WAF doesn't apply the rule to the web request at all.

You can specify the following fallback behaviors:

  • MATCH - Treat the web request as matching the rule statement. Amazon WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

Type: String

Valid Values: MATCH | NO_MATCH

Required: Yes

HeaderName

The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.

Note

If the specified header isn't present in the request, Amazon WAF doesn't apply the rule to the web request at all.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: ^[a-zA-Z0-9-]+$

Required: Yes

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: