@datafire/amazonaws_waf
Client library for AWS WAF
Installation and Usage
npm install --save @datafire/amazonaws_waf
let amazonaws_waf = require('@datafire/amazonaws_waf').create({
accessKeyId: "",
secretAccessKey: "",
region: ""
});
amazonaws_waf.CreateByteMatchSet({
"Name": "",
"ChangeToken": ""
}).then(data => {
console.log(data);
});
Description
This is the AWS WAF API Reference for using AWS WAF with Amazon CloudFront. The AWS WAF actions and data types listed in the reference are available for protecting Amazon CloudFront distributions. You can use these actions and data types via the endpoint waf.amazonaws.com. This guide is for developers who need detailed information about the AWS WAF API actions, data types, and errors. For detailed information about AWS WAF features and an overview of how to use the AWS WAF API, see the AWS WAF Developer Guide.
Actions
CreateByteMatchSet
amazonaws_waf.CreateByteMatchSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
- output CreateByteMatchSetResponse
CreateGeoMatchSet
amazonaws_waf.CreateGeoMatchSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
- output CreateGeoMatchSetResponse
CreateIPSet
amazonaws_waf.CreateIPSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
- output CreateIPSetResponse
CreateRateBasedRule
amazonaws_waf.CreateRateBasedRule({
"Name": "",
"MetricName": "",
"RateKey": "",
"RateLimit": 0,
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- MetricName required MetricName
- Name required ResourceName
- RateKey required RateKey
- RateLimit required RateLimit
Output
- output CreateRateBasedRuleResponse
CreateRegexMatchSet
amazonaws_waf.CreateRegexMatchSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
- output CreateRegexMatchSetResponse
CreateRegexPatternSet
amazonaws_waf.CreateRegexPatternSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
CreateRule
amazonaws_waf.CreateRule({
"Name": "",
"MetricName": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- MetricName required MetricName
- Name required ResourceName
Output
- output CreateRuleResponse
CreateRuleGroup
amazonaws_waf.CreateRuleGroup({
"Name": "",
"MetricName": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- MetricName required MetricName
- Name required ResourceName
Output
- output CreateRuleGroupResponse
CreateSizeConstraintSet
amazonaws_waf.CreateSizeConstraintSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
CreateSqlInjectionMatchSet
amazonaws_waf.CreateSqlInjectionMatchSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
CreateWebACL
amazonaws_waf.CreateWebACL({
"Name": "",
"MetricName": "",
"DefaultAction": {
"Type": ""
},
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- DefaultAction required WafAction
- MetricName required MetricName
- Name required ResourceName
Output
- output CreateWebACLResponse
CreateXssMatchSet
amazonaws_waf.CreateXssMatchSet({
"Name": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Name required ResourceName
Output
- output CreateXssMatchSetResponse
DeleteByteMatchSet
amazonaws_waf.DeleteByteMatchSet({
"ByteMatchSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ByteMatchSetId required ResourceId
- ChangeToken required ChangeToken
Output
- output DeleteByteMatchSetResponse
DeleteGeoMatchSet
amazonaws_waf.DeleteGeoMatchSet({
"GeoMatchSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- GeoMatchSetId required ResourceId
Output
- output DeleteGeoMatchSetResponse
DeleteIPSet
amazonaws_waf.DeleteIPSet({
"IPSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- IPSetId required ResourceId
Output
- output DeleteIPSetResponse
DeleteRateBasedRule
amazonaws_waf.DeleteRateBasedRule({
"RuleId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RuleId required ResourceId
Output
- output DeleteRateBasedRuleResponse
DeleteRegexMatchSet
amazonaws_waf.DeleteRegexMatchSet({
"RegexMatchSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RegexMatchSetId required ResourceId
Output
- output DeleteRegexMatchSetResponse
DeleteRegexPatternSet
amazonaws_waf.DeleteRegexPatternSet({
"RegexPatternSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RegexPatternSetId required ResourceId
Output
DeleteRule
amazonaws_waf.DeleteRule({
"RuleId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RuleId required ResourceId
Output
- output DeleteRuleResponse
DeleteRuleGroup
amazonaws_waf.DeleteRuleGroup({
"RuleGroupId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RuleGroupId required ResourceId
Output
- output DeleteRuleGroupResponse
DeleteSizeConstraintSet
amazonaws_waf.DeleteSizeConstraintSet({
"SizeConstraintSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- SizeConstraintSetId required ResourceId
Output
DeleteSqlInjectionMatchSet
amazonaws_waf.DeleteSqlInjectionMatchSet({
"SqlInjectionMatchSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- SqlInjectionMatchSetId required ResourceId
Output
DeleteWebACL
amazonaws_waf.DeleteWebACL({
"WebACLId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- WebACLId required ResourceId
Output
- output DeleteWebACLResponse
DeleteXssMatchSet
amazonaws_waf.DeleteXssMatchSet({
"XssMatchSetId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- XssMatchSetId required ResourceId
Output
- output DeleteXssMatchSetResponse
GetByteMatchSet
amazonaws_waf.GetByteMatchSet({
"ByteMatchSetId": ""
}, context)
Input
- input
object
- ByteMatchSetId required ResourceId
Output
- output GetByteMatchSetResponse
GetChangeToken
amazonaws_waf.GetChangeToken({}, context)
Input
- input
object
Output
- output GetChangeTokenResponse
GetChangeTokenStatus
amazonaws_waf.GetChangeTokenStatus({
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
Output
- output GetChangeTokenStatusResponse
GetGeoMatchSet
amazonaws_waf.GetGeoMatchSet({
"GeoMatchSetId": ""
}, context)
Input
- input
object
- GeoMatchSetId required ResourceId
Output
- output GetGeoMatchSetResponse
GetIPSet
amazonaws_waf.GetIPSet({
"IPSetId": ""
}, context)
Input
- input
object
- IPSetId required ResourceId
Output
- output GetIPSetResponse
GetRateBasedRule
amazonaws_waf.GetRateBasedRule({
"RuleId": ""
}, context)
Input
- input
object
- RuleId required ResourceId
Output
- output GetRateBasedRuleResponse
GetRateBasedRuleManagedKeys
amazonaws_waf.GetRateBasedRuleManagedKeys({
"RuleId": ""
}, context)
Input
- input
object
- NextMarker NextMarker
- RuleId required ResourceId
Output
GetRegexMatchSet
amazonaws_waf.GetRegexMatchSet({
"RegexMatchSetId": ""
}, context)
Input
- input
object
- RegexMatchSetId required ResourceId
Output
- output GetRegexMatchSetResponse
GetRegexPatternSet
amazonaws_waf.GetRegexPatternSet({
"RegexPatternSetId": ""
}, context)
Input
- input
object
- RegexPatternSetId required ResourceId
Output
- output GetRegexPatternSetResponse
GetRule
amazonaws_waf.GetRule({
"RuleId": ""
}, context)
Input
- input
object
- RuleId required ResourceId
Output
- output GetRuleResponse
GetRuleGroup
amazonaws_waf.GetRuleGroup({
"RuleGroupId": ""
}, context)
Input
- input
object
- RuleGroupId required ResourceId
Output
- output GetRuleGroupResponse
GetSampledRequests
amazonaws_waf.GetSampledRequests({
"WebAclId": "",
"RuleId": "",
"TimeWindow": {
"StartTime": "",
"EndTime": ""
},
"MaxItems": 0
}, context)
Input
- input
object
- MaxItems required GetSampledRequestsMaxItems
- RuleId required ResourceId
- TimeWindow required TimeWindow
- WebAclId required ResourceId
Output
- output GetSampledRequestsResponse
GetSizeConstraintSet
amazonaws_waf.GetSizeConstraintSet({
"SizeConstraintSetId": ""
}, context)
Input
- input
object
- SizeConstraintSetId required ResourceId
Output
- output GetSizeConstraintSetResponse
GetSqlInjectionMatchSet
amazonaws_waf.GetSqlInjectionMatchSet({
"SqlInjectionMatchSetId": ""
}, context)
Input
- input
object
- SqlInjectionMatchSetId required ResourceId
Output
GetWebACL
amazonaws_waf.GetWebACL({
"WebACLId": ""
}, context)
Input
- input
object
- WebACLId required ResourceId
Output
- output GetWebACLResponse
GetXssMatchSet
amazonaws_waf.GetXssMatchSet({
"XssMatchSetId": ""
}, context)
Input
- input
object
- XssMatchSetId required ResourceId
Output
- output GetXssMatchSetResponse
ListActivatedRulesInRuleGroup
amazonaws_waf.ListActivatedRulesInRuleGroup({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
- RuleGroupId ResourceId
Output
ListByteMatchSets
amazonaws_waf.ListByteMatchSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListByteMatchSetsResponse
ListGeoMatchSets
amazonaws_waf.ListGeoMatchSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListGeoMatchSetsResponse
ListIPSets
amazonaws_waf.ListIPSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListIPSetsResponse
ListRateBasedRules
amazonaws_waf.ListRateBasedRules({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListRateBasedRulesResponse
ListRegexMatchSets
amazonaws_waf.ListRegexMatchSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListRegexMatchSetsResponse
ListRegexPatternSets
amazonaws_waf.ListRegexPatternSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListRegexPatternSetsResponse
ListRuleGroups
amazonaws_waf.ListRuleGroups({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListRuleGroupsResponse
ListRules
amazonaws_waf.ListRules({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListRulesResponse
ListSizeConstraintSets
amazonaws_waf.ListSizeConstraintSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
ListSqlInjectionMatchSets
amazonaws_waf.ListSqlInjectionMatchSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
ListSubscribedRuleGroups
amazonaws_waf.ListSubscribedRuleGroups({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
ListWebACLs
amazonaws_waf.ListWebACLs({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListWebACLsResponse
ListXssMatchSets
amazonaws_waf.ListXssMatchSets({}, context)
Input
- input
object
- Limit PaginationLimit
- NextMarker NextMarker
Output
- output ListXssMatchSetsResponse
UpdateByteMatchSet
amazonaws_waf.UpdateByteMatchSet({
"ByteMatchSetId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ByteMatchSetId required ResourceId
- ChangeToken required ChangeToken
- Updates required ByteMatchSetUpdates
Output
- output UpdateByteMatchSetResponse
UpdateGeoMatchSet
amazonaws_waf.UpdateGeoMatchSet({
"GeoMatchSetId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- GeoMatchSetId required ResourceId
- Updates required GeoMatchSetUpdates
Output
- output UpdateGeoMatchSetResponse
UpdateIPSet
amazonaws_waf.UpdateIPSet({
"IPSetId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- IPSetId required ResourceId
- Updates required IPSetUpdates
Output
- output UpdateIPSetResponse
UpdateRateBasedRule
amazonaws_waf.UpdateRateBasedRule({
"RuleId": "",
"ChangeToken": "",
"Updates": [],
"RateLimit": 0
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RateLimit required RateLimit
- RuleId required ResourceId
- Updates required RuleUpdates
Output
- output UpdateRateBasedRuleResponse
UpdateRegexMatchSet
amazonaws_waf.UpdateRegexMatchSet({
"RegexMatchSetId": "",
"Updates": [],
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RegexMatchSetId required ResourceId
- Updates required RegexMatchSetUpdates
Output
- output UpdateRegexMatchSetResponse
UpdateRegexPatternSet
amazonaws_waf.UpdateRegexPatternSet({
"RegexPatternSetId": "",
"Updates": [],
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RegexPatternSetId required ResourceId
- Updates required RegexPatternSetUpdates
Output
UpdateRule
amazonaws_waf.UpdateRule({
"RuleId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RuleId required ResourceId
- Updates required RuleUpdates
Output
- output UpdateRuleResponse
UpdateRuleGroup
amazonaws_waf.UpdateRuleGroup({
"RuleGroupId": "",
"Updates": [],
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- RuleGroupId required ResourceId
- Updates required RuleGroupUpdates
Output
- output UpdateRuleGroupResponse
UpdateSizeConstraintSet
amazonaws_waf.UpdateSizeConstraintSet({
"SizeConstraintSetId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- SizeConstraintSetId required ResourceId
- Updates required SizeConstraintSetUpdates
Output
UpdateSqlInjectionMatchSet
amazonaws_waf.UpdateSqlInjectionMatchSet({
"SqlInjectionMatchSetId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- SqlInjectionMatchSetId required ResourceId
- Updates required SqlInjectionMatchSetUpdates
Output
UpdateWebACL
amazonaws_waf.UpdateWebACL({
"WebACLId": "",
"ChangeToken": ""
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- DefaultAction WafAction
- Updates WebACLUpdates
- WebACLId required ResourceId
Output
- output UpdateWebACLResponse
UpdateXssMatchSet
amazonaws_waf.UpdateXssMatchSet({
"XssMatchSetId": "",
"ChangeToken": "",
"Updates": []
}, context)
Input
- input
object
- ChangeToken required ChangeToken
- Updates required XssMatchSetUpdates
- XssMatchSetId required ResourceId
Output
- output UpdateXssMatchSetResponse
Definitions
Action
- Action
string
ActivatedRule
- ActivatedRule
object
:The
ActivatedRule
object in an UpdateWebACL request specifies aRule
that you want to insert or delete, the priority of theRule
in theWebACL
, and the action that you want AWS WAF to take when a web request matches theRule
(ALLOW
,BLOCK
, orCOUNT
).To specify whether to insert or delete a
Rule
, use theAction
parameter in the WebACLUpdate data type.- Action WafAction
- OverrideAction WafOverrideAction
- Priority required RulePriority
- RuleId required ResourceId
- Type WafRuleType
ActivatedRules
- ActivatedRules
array
- items ActivatedRule
ByteMatchSet
- ByteMatchSet
object
:In a GetByteMatchSet request,
ByteMatchSet
is a complex type that contains theByteMatchSetId
andName
of aByteMatchSet
, and the values that you specified when you updated theByteMatchSet
.A complex type that contains
ByteMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect and the values that you want AWS WAF to search for. If aByteMatchSet
contains more than oneByteMatchTuple
object, a request needs to match the settings in only oneByteMatchTuple
to be considered a match.- ByteMatchSetId required ResourceId
- ByteMatchTuples required ByteMatchTuples
- Name ResourceName
ByteMatchSetSummaries
- ByteMatchSetSummaries
array
- items ByteMatchSetSummary
ByteMatchSetSummary
- ByteMatchSetSummary
object
: Returned by ListByteMatchSets. EachByteMatchSetSummary
object includes theName
andByteMatchSetId
for one ByteMatchSet.- ByteMatchSetId required ResourceId
- Name required ResourceName
ByteMatchSetUpdate
- ByteMatchSetUpdate
object
: In an UpdateByteMatchSet request,ByteMatchSetUpdate
specifies whether to insert or delete a ByteMatchTuple and includes the settings for theByteMatchTuple
.- Action required ChangeAction
- ByteMatchTuple required ByteMatchTuple
ByteMatchSetUpdates
- ByteMatchSetUpdates
array
- items ByteMatchSetUpdate
ByteMatchTargetString
- ByteMatchTargetString
string
ByteMatchTuple
- ByteMatchTuple
object
: The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.- FieldToMatch required FieldToMatch
- PositionalConstraint required PositionalConstraint
- TargetString required ByteMatchTargetString
- TextTransformation required TextTransformation
ByteMatchTuples
- ByteMatchTuples
array
- items ByteMatchTuple
ChangeAction
- ChangeAction
string
(values: INSERT, DELETE)
ChangeToken
- ChangeToken
string
ChangeTokenStatus
- ChangeTokenStatus
string
(values: PROVISIONED, PENDING, INSYNC)
ComparisonOperator
- ComparisonOperator
string
(values: EQ, NE, LE, LT, GE, GT)
Country
- Country
string
CreateByteMatchSetRequest
- CreateByteMatchSetRequest
object
- ChangeToken required ChangeToken
- Name required ResourceName
CreateByteMatchSetResponse
- CreateByteMatchSetResponse
object
- ByteMatchSet ByteMatchSet
- ChangeToken ChangeToken
CreateGeoMatchSetRequest
- CreateGeoMatchSetRequest
object
- ChangeToken required ChangeToken
- Name required ResourceName
CreateGeoMatchSetResponse
- CreateGeoMatchSetResponse
object
- ChangeToken ChangeToken
- GeoMatchSet GeoMatchSet
CreateIPSetRequest
- CreateIPSetRequest
object
- ChangeToken required ChangeToken
- Name required ResourceName
CreateIPSetResponse
- CreateIPSetResponse
object
- ChangeToken ChangeToken
- IPSet IPSet
CreateRateBasedRuleRequest
- CreateRateBasedRuleRequest
object
- ChangeToken required ChangeToken
- MetricName required MetricName
- Name required ResourceName
- RateKey required RateKey
- RateLimit required RateLimit
CreateRateBasedRuleResponse
- CreateRateBasedRuleResponse
object
- ChangeToken ChangeToken
- Rule RateBasedRule
CreateRegexMatchSetRequest
- CreateRegexMatchSetRequest
object
- ChangeToken required ChangeToken
- Name required ResourceName
CreateRegexMatchSetResponse
- CreateRegexMatchSetResponse
object
- ChangeToken ChangeToken
- RegexMatchSet RegexMatchSet
CreateRegexPatternSetRequest
- CreateRegexPatternSetRequest
object
- ChangeToken required ChangeToken
- Name required ResourceName
CreateRegexPatternSetResponse
- CreateRegexPatternSetResponse
object
- ChangeToken ChangeToken
- RegexPatternSet RegexPatternSet
CreateRuleGroupRequest
- CreateRuleGroupRequest
object
- ChangeToken required ChangeToken
- MetricName required MetricName
- Name required ResourceName
CreateRuleGroupResponse
- CreateRuleGroupResponse
object
- ChangeToken ChangeToken
- RuleGroup RuleGroup
CreateRuleRequest
- CreateRuleRequest
object
- ChangeToken required ChangeToken
- MetricName required MetricName
- Name required ResourceName
CreateRuleResponse
- CreateRuleResponse
object
- ChangeToken ChangeToken
- Rule Rule
CreateSizeConstraintSetRequest
- CreateSizeConstraintSetRequest
object
- ChangeToken required ChangeToken
- Name required ResourceName
CreateSizeConstraintSetResponse
- CreateSizeConstraintSetResponse
object
- ChangeToken ChangeToken
- SizeConstraintSet SizeConstraintSet
CreateSqlInjectionMatchSetRequest
- CreateSqlInjectionMatchSetRequest
object
: A request to create a SqlInjectionMatchSet.- ChangeToken required ChangeToken
- Name required ResourceName
CreateSqlInjectionMatchSetResponse
- CreateSqlInjectionMatchSetResponse
object
: The response to aCreateSqlInjectionMatchSet
request.- ChangeToken ChangeToken
- SqlInjectionMatchSet SqlInjectionMatchSet
CreateWebACLRequest
- CreateWebACLRequest
object
- ChangeToken required ChangeToken
- DefaultAction required WafAction
- MetricName required MetricName
- Name required ResourceName
CreateWebACLResponse
- CreateWebACLResponse
object
- ChangeToken ChangeToken
- WebACL WebACL
CreateXssMatchSetRequest
- CreateXssMatchSetRequest
object
: A request to create an XssMatchSet.- ChangeToken required ChangeToken
- Name required ResourceName
CreateXssMatchSetResponse
- CreateXssMatchSetResponse
object
: The response to aCreateXssMatchSet
request.- ChangeToken ChangeToken
- XssMatchSet XssMatchSet
DeleteByteMatchSetRequest
- DeleteByteMatchSetRequest
object
- ByteMatchSetId required ResourceId
- ChangeToken required ChangeToken
DeleteByteMatchSetResponse
- DeleteByteMatchSetResponse
object
- ChangeToken ChangeToken
DeleteGeoMatchSetRequest
- DeleteGeoMatchSetRequest
object
- ChangeToken required ChangeToken
- GeoMatchSetId required ResourceId
DeleteGeoMatchSetResponse
- DeleteGeoMatchSetResponse
object
- ChangeToken ChangeToken
DeleteIPSetRequest
- DeleteIPSetRequest
object
- ChangeToken required ChangeToken
- IPSetId required ResourceId
DeleteIPSetResponse
- DeleteIPSetResponse
object
- ChangeToken ChangeToken
DeleteRateBasedRuleRequest
- DeleteRateBasedRuleRequest
object
- ChangeToken required ChangeToken
- RuleId required ResourceId
DeleteRateBasedRuleResponse
- DeleteRateBasedRuleResponse
object
- ChangeToken ChangeToken
DeleteRegexMatchSetRequest
- DeleteRegexMatchSetRequest
object
- ChangeToken required ChangeToken
- RegexMatchSetId required ResourceId
DeleteRegexMatchSetResponse
- DeleteRegexMatchSetResponse
object
- ChangeToken ChangeToken
DeleteRegexPatternSetRequest
- DeleteRegexPatternSetRequest
object
- ChangeToken required ChangeToken
- RegexPatternSetId required ResourceId
DeleteRegexPatternSetResponse
- DeleteRegexPatternSetResponse
object
- ChangeToken ChangeToken
DeleteRuleGroupRequest
- DeleteRuleGroupRequest
object
- ChangeToken required ChangeToken
- RuleGroupId required ResourceId
DeleteRuleGroupResponse
- DeleteRuleGroupResponse
object
- ChangeToken ChangeToken
DeleteRuleRequest
- DeleteRuleRequest
object
- ChangeToken required ChangeToken
- RuleId required ResourceId
DeleteRuleResponse
- DeleteRuleResponse
object
- ChangeToken ChangeToken
DeleteSizeConstraintSetRequest
- DeleteSizeConstraintSetRequest
object
- ChangeToken required ChangeToken
- SizeConstraintSetId required ResourceId
DeleteSizeConstraintSetResponse
- DeleteSizeConstraintSetResponse
object
- ChangeToken ChangeToken
DeleteSqlInjectionMatchSetRequest
- DeleteSqlInjectionMatchSetRequest
object
: A request to delete a SqlInjectionMatchSet from AWS WAF.- ChangeToken required ChangeToken
- SqlInjectionMatchSetId required ResourceId
DeleteSqlInjectionMatchSetResponse
- DeleteSqlInjectionMatchSetResponse
object
: The response to a request to delete a SqlInjectionMatchSet from AWS WAF.- ChangeToken ChangeToken
DeleteWebACLRequest
- DeleteWebACLRequest
object
- ChangeToken required ChangeToken
- WebACLId required ResourceId
DeleteWebACLResponse
- DeleteWebACLResponse
object
- ChangeToken ChangeToken
DeleteXssMatchSetRequest
- DeleteXssMatchSetRequest
object
: A request to delete an XssMatchSet from AWS WAF.- ChangeToken required ChangeToken
- XssMatchSetId required ResourceId
DeleteXssMatchSetResponse
- DeleteXssMatchSetResponse
object
: The response to a request to delete an XssMatchSet from AWS WAF.- ChangeToken ChangeToken
FieldToMatch
- FieldToMatch
object
: Specifies where in a web request to look forTargetString
.- Data MatchFieldData
- Type required MatchFieldType
GeoMatchConstraint
- GeoMatchConstraint
object
: The country from which web requests originate that you want AWS WAF to search for.- Type required GeoMatchConstraintType
- Value required GeoMatchConstraintValue
GeoMatchConstraintType
- GeoMatchConstraintType
string
(values: Country)
GeoMatchConstraintValue
- GeoMatchConstraintValue
string
(values: AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW)
GeoMatchConstraints
- GeoMatchConstraints
array
- items GeoMatchConstraint
GeoMatchSet
- GeoMatchSet
object
: Contains one or more countries that AWS WAF will search for.- GeoMatchConstraints required GeoMatchConstraints
- GeoMatchSetId required ResourceId
- Name ResourceName
GeoMatchSetSummaries
- GeoMatchSetSummaries
array
- items GeoMatchSetSummary
GeoMatchSetSummary
- GeoMatchSetSummary
object
: Contains the identifier and the name of theGeoMatchSet
.- GeoMatchSetId required ResourceId
- Name required ResourceName
GeoMatchSetUpdate
- GeoMatchSetUpdate
object
: Specifies the type of update to perform to an GeoMatchSet with UpdateGeoMatchSet.- Action required ChangeAction
- GeoMatchConstraint required GeoMatchConstraint
GeoMatchSetUpdates
- GeoMatchSetUpdates
array
- items GeoMatchSetUpdate
GetByteMatchSetRequest
- GetByteMatchSetRequest
object
- ByteMatchSetId required ResourceId
GetByteMatchSetResponse
- GetByteMatchSetResponse
object
- ByteMatchSet ByteMatchSet
GetChangeTokenRequest
- GetChangeTokenRequest
object
GetChangeTokenResponse
- GetChangeTokenResponse
object
- ChangeToken ChangeToken
GetChangeTokenStatusRequest
- GetChangeTokenStatusRequest
object
- ChangeToken required ChangeToken
GetChangeTokenStatusResponse
- GetChangeTokenStatusResponse
object
- ChangeTokenStatus ChangeTokenStatus
GetGeoMatchSetRequest
- GetGeoMatchSetRequest
object
- GeoMatchSetId required ResourceId
GetGeoMatchSetResponse
- GetGeoMatchSetResponse
object
- GeoMatchSet GeoMatchSet
GetIPSetRequest
- GetIPSetRequest
object
- IPSetId required ResourceId
GetIPSetResponse
- GetIPSetResponse
object
- IPSet IPSet
GetRateBasedRuleManagedKeysRequest
- GetRateBasedRuleManagedKeysRequest
object
- NextMarker NextMarker
- RuleId required ResourceId
GetRateBasedRuleManagedKeysResponse
- GetRateBasedRuleManagedKeysResponse
object
- ManagedKeys ManagedKeys
- NextMarker NextMarker
GetRateBasedRuleRequest
- GetRateBasedRuleRequest
object
- RuleId required ResourceId
GetRateBasedRuleResponse
- GetRateBasedRuleResponse
object
- Rule RateBasedRule
GetRegexMatchSetRequest
- GetRegexMatchSetRequest
object
- RegexMatchSetId required ResourceId
GetRegexMatchSetResponse
- GetRegexMatchSetResponse
object
- RegexMatchSet RegexMatchSet
GetRegexPatternSetRequest
- GetRegexPatternSetRequest
object
- RegexPatternSetId required ResourceId
GetRegexPatternSetResponse
- GetRegexPatternSetResponse
object
- RegexPatternSet RegexPatternSet
GetRuleGroupRequest
- GetRuleGroupRequest
object
- RuleGroupId required ResourceId
GetRuleGroupResponse
- GetRuleGroupResponse
object
- RuleGroup RuleGroup
GetRuleRequest
- GetRuleRequest
object
- RuleId required ResourceId
GetRuleResponse
- GetRuleResponse
object
- Rule Rule
GetSampledRequestsMaxItems
- GetSampledRequestsMaxItems
integer
GetSampledRequestsRequest
- GetSampledRequestsRequest
object
- MaxItems required GetSampledRequestsMaxItems
- RuleId required ResourceId
- TimeWindow required TimeWindow
- WebAclId required ResourceId
GetSampledRequestsResponse
- GetSampledRequestsResponse
object
- PopulationSize PopulationSize
- SampledRequests SampledHTTPRequests
- TimeWindow TimeWindow
GetSizeConstraintSetRequest
- GetSizeConstraintSetRequest
object
- SizeConstraintSetId required ResourceId
GetSizeConstraintSetResponse
- GetSizeConstraintSetResponse
object
- SizeConstraintSet SizeConstraintSet
GetSqlInjectionMatchSetRequest
- GetSqlInjectionMatchSetRequest
object
: A request to get a SqlInjectionMatchSet.- SqlInjectionMatchSetId required ResourceId
GetSqlInjectionMatchSetResponse
- GetSqlInjectionMatchSetResponse
object
: The response to a GetSqlInjectionMatchSet request.- SqlInjectionMatchSet SqlInjectionMatchSet
GetWebACLRequest
- GetWebACLRequest
object
- WebACLId required ResourceId
GetWebACLResponse
- GetWebACLResponse
object
- WebACL WebACL
GetXssMatchSetRequest
- GetXssMatchSetRequest
object
: A request to get an XssMatchSet.- XssMatchSetId required ResourceId
GetXssMatchSetResponse
- GetXssMatchSetResponse
object
: The response to a GetXssMatchSet request.- XssMatchSet XssMatchSet
HTTPHeader
- HTTPHeader
object
: The response from a GetSampledRequests request includes anHTTPHeader
complex type that appears asHeaders
in the response syntax.HTTPHeader
contains the names and values of all of the headers that appear in one of the web requests that were returned byGetSampledRequests
.- Name HeaderName
- Value HeaderValue
HTTPHeaders
- HTTPHeaders
array
- items HTTPHeader
HTTPMethod
- HTTPMethod
string
HTTPRequest
- HTTPRequest
object
: The response from a GetSampledRequests request includes anHTTPRequest
complex type that appears asRequest
in the response syntax.HTTPRequest
contains information about one of the web requests that were returned byGetSampledRequests
.- ClientIP IPString
- Country Country
- HTTPVersion HTTPVersion
- Headers HTTPHeaders
- Method HTTPMethod
- URI URIString
HTTPVersion
- HTTPVersion
string
HeaderName
- HeaderName
string
HeaderValue
- HeaderValue
string
IPSet
- IPSet
object
:Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports /8, /16, /24, and /32 IP address ranges for IPv4, and /24, /32, /48, /56, /64 and /128 for IPv6.
To specify an individual IP address, you specify the four-part IP address followed by a
/32
, for example, 192.0.2.0/31. To block a range of IP addresses, you can specify a/128
,/64
,/56
,/48
,/32
,/24
,/16
, or/8
CIDR. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.- IPSetDescriptors required IPSetDescriptors
- IPSetId required ResourceId
- Name ResourceName
IPSetDescriptor
- IPSetDescriptor
object
: Specifies the IP address type (IPV4
orIPV6
) and the IP address range (in CIDR format) that web requests originate from.- Type required IPSetDescriptorType
- Value required IPSetDescriptorValue
IPSetDescriptorType
- IPSetDescriptorType
string
(values: IPV4, IPV6)
IPSetDescriptorValue
- IPSetDescriptorValue
string
IPSetDescriptors
- IPSetDescriptors
array
- items IPSetDescriptor
IPSetSummaries
- IPSetSummaries
array
- items IPSetSummary
IPSetSummary
- IPSetSummary
object
: Contains the identifier and the name of theIPSet
.- IPSetId required ResourceId
- Name required ResourceName
IPSetUpdate
- IPSetUpdate
object
: Specifies the type of update to perform to an IPSet with UpdateIPSet.- Action required ChangeAction
- IPSetDescriptor required IPSetDescriptor
IPSetUpdates
- IPSetUpdates
array
- items IPSetUpdate
IPString
- IPString
string
ListActivatedRulesInRuleGroupRequest
- ListActivatedRulesInRuleGroupRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
- RuleGroupId ResourceId
ListActivatedRulesInRuleGroupResponse
- ListActivatedRulesInRuleGroupResponse
object
- ActivatedRules ActivatedRules
- NextMarker NextMarker
ListByteMatchSetsRequest
- ListByteMatchSetsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListByteMatchSetsResponse
- ListByteMatchSetsResponse
object
- ByteMatchSets ByteMatchSetSummaries
- NextMarker NextMarker
ListGeoMatchSetsRequest
- ListGeoMatchSetsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListGeoMatchSetsResponse
- ListGeoMatchSetsResponse
object
- GeoMatchSets GeoMatchSetSummaries
- NextMarker NextMarker
ListIPSetsRequest
- ListIPSetsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListIPSetsResponse
- ListIPSetsResponse
object
- IPSets IPSetSummaries
- NextMarker NextMarker
ListRateBasedRulesRequest
- ListRateBasedRulesRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListRateBasedRulesResponse
- ListRateBasedRulesResponse
object
- NextMarker NextMarker
- Rules RuleSummaries
ListRegexMatchSetsRequest
- ListRegexMatchSetsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListRegexMatchSetsResponse
- ListRegexMatchSetsResponse
object
- NextMarker NextMarker
- RegexMatchSets RegexMatchSetSummaries
ListRegexPatternSetsRequest
- ListRegexPatternSetsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListRegexPatternSetsResponse
- ListRegexPatternSetsResponse
object
- NextMarker NextMarker
- RegexPatternSets RegexPatternSetSummaries
ListRuleGroupsRequest
- ListRuleGroupsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListRuleGroupsResponse
- ListRuleGroupsResponse
object
- NextMarker NextMarker
- RuleGroups RuleGroupSummaries
ListRulesRequest
- ListRulesRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListRulesResponse
- ListRulesResponse
object
- NextMarker NextMarker
- Rules RuleSummaries
ListSizeConstraintSetsRequest
- ListSizeConstraintSetsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListSizeConstraintSetsResponse
- ListSizeConstraintSetsResponse
object
- NextMarker NextMarker
- SizeConstraintSets SizeConstraintSetSummaries
ListSqlInjectionMatchSetsRequest
- ListSqlInjectionMatchSetsRequest
object
: A request to list the SqlInjectionMatchSet objects created by the current AWS account.- Limit PaginationLimit
- NextMarker NextMarker
ListSqlInjectionMatchSetsResponse
- ListSqlInjectionMatchSetsResponse
object
: The response to a ListSqlInjectionMatchSets request.- NextMarker NextMarker
- SqlInjectionMatchSets SqlInjectionMatchSetSummaries
ListSubscribedRuleGroupsRequest
- ListSubscribedRuleGroupsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListSubscribedRuleGroupsResponse
- ListSubscribedRuleGroupsResponse
object
- NextMarker NextMarker
- RuleGroups SubscribedRuleGroupSummaries
ListWebACLsRequest
- ListWebACLsRequest
object
- Limit PaginationLimit
- NextMarker NextMarker
ListWebACLsResponse
- ListWebACLsResponse
object
- NextMarker NextMarker
- WebACLs WebACLSummaries
ListXssMatchSetsRequest
- ListXssMatchSetsRequest
object
: A request to list the XssMatchSet objects created by the current AWS account.- Limit PaginationLimit
- NextMarker NextMarker
ListXssMatchSetsResponse
- ListXssMatchSetsResponse
object
: The response to a ListXssMatchSets request.- NextMarker NextMarker
- XssMatchSets XssMatchSetSummaries
ManagedKey
- ManagedKey
string
ManagedKeys
- ManagedKeys
array
- items ManagedKey
MatchFieldData
- MatchFieldData
string
MatchFieldType
- MatchFieldType
string
(values: URI, QUERY_STRING, HEADER, METHOD, BODY)
MetricName
- MetricName
string
Negated
- Negated
boolean
NextMarker
- NextMarker
string
PaginationLimit
- PaginationLimit
integer
ParameterExceptionField
- ParameterExceptionField
string
(values: CHANGE_ACTION, WAF_ACTION, WAF_OVERRIDE_ACTION, PREDICATE_TYPE, IPSET_TYPE, BYTE_MATCH_FIELD_TYPE, SQL_INJECTION_MATCH_FIELD_TYPE, BYTE_MATCH_TEXT_TRANSFORMATION, BYTE_MATCH_POSITIONAL_CONSTRAINT, SIZE_CONSTRAINT_COMPARISON_OPERATOR, GEO_MATCH_LOCATION_TYPE, GEO_MATCH_LOCATION_VALUE, RATE_KEY, RULE_TYPE, NEXT_MARKER)
ParameterExceptionParameter
- ParameterExceptionParameter
string
ParameterExceptionReason
- ParameterExceptionReason
string
(values: INVALID_OPTION, ILLEGAL_COMBINATION)
PopulationSize
- PopulationSize
integer
PositionalConstraint
- PositionalConstraint
string
(values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD)
Predicate
- Predicate
object
: Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you want to add to aRule
and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.- DataId required ResourceId
- Negated required Negated
- Type required PredicateType
PredicateType
- PredicateType
string
(values: IPMatch, ByteMatch, SqlInjectionMatch, GeoMatch, SizeConstraint, XssMatch, RegexMatch)
Predicates
- Predicates
array
- items Predicate
RateBasedRule
- RateBasedRule
object
:A
RateBasedRule
is identical to a regular Rule, with one addition: aRateBasedRule
counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create aRateBasedRule
that includes the following conditions:-
The requests come from 192.0.2.44.
-
They contain the value
BadBot
in theUser-Agent
header.
In the rule, you also define the rate limit as 15,000.
Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.
- MatchPredicates required Predicates
- MetricName MetricName
- Name ResourceName
- RateKey required RateKey
- RateLimit required RateLimit
- RuleId required ResourceId
-
RateKey
- RateKey
string
(values: IP)
RateLimit
- RateLimit
integer
RegexMatchSet
- RegexMatchSet
object
:In a GetRegexMatchSet request,
RegexMatchSet
is a complex type that contains theRegexMatchSetId
andName
of aRegexMatchSet
, and the values that you specified when you updated theRegexMatchSet
.The values are contained in a
RegexMatchTuple
object, which specify the parts of web requests that you want AWS WAF to inspect and the values that you want AWS WAF to search for. If aRegexMatchSet
contains more than oneRegexMatchTuple
object, a request needs to match the settings in only oneByteMatchTuple
to be considered a match.- Name ResourceName
- RegexMatchSetId ResourceId
- RegexMatchTuples RegexMatchTuples
RegexMatchSetSummaries
- RegexMatchSetSummaries
array
- items RegexMatchSetSummary
RegexMatchSetSummary
- RegexMatchSetSummary
object
: Returned by ListRegexMatchSets. EachRegexMatchSetSummary
object includes theName
andRegexMatchSetId
for one RegexMatchSet.- Name required ResourceName
- RegexMatchSetId required ResourceId
RegexMatchSetUpdate
- RegexMatchSetUpdate
object
: In an UpdateRegexMatchSet request,RegexMatchSetUpdate
specifies whether to insert or delete a RegexMatchTuple and includes the settings for theRegexMatchTuple
.- Action required ChangeAction
- RegexMatchTuple required RegexMatchTuple
RegexMatchSetUpdates
- RegexMatchSetUpdates
array
- items RegexMatchSetUpdate
RegexMatchTuple
- RegexMatchTuple
object
:The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. Each
RegexMatchTuple
object contains:-
The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the
User-Agent
header. -
The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, see RegexPatternSet.
-
Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
- FieldToMatch required FieldToMatch
- RegexPatternSetId required ResourceId
- TextTransformation required TextTransformation
-
RegexMatchTuples
- RegexMatchTuples
array
- items RegexMatchTuple
RegexPatternSet
- RegexPatternSet
object
: TheRegexPatternSet
specifies the regular expression (regex) pattern that you want AWS WAF to search for, such asB[a@]dB[o0]t
. You can then configure AWS WAF to reject those requests.- Name ResourceName
- RegexPatternSetId required ResourceId
- RegexPatternStrings required RegexPatternStrings
RegexPatternSetSummaries
- RegexPatternSetSummaries
array
- items RegexPatternSetSummary
RegexPatternSetSummary
- RegexPatternSetSummary
object
: Returned by ListRegexPatternSets. EachRegexPatternSetSummary
object includes theName
andRegexPatternSetId
for one RegexPatternSet.- Name required ResourceName
- RegexPatternSetId required ResourceId
RegexPatternSetUpdate
- RegexPatternSetUpdate
object
: In an UpdateRegexPatternSet request,RegexPatternSetUpdate
specifies whether to insert or delete aRegexPatternString
and includes the settings for theRegexPatternString
.- Action required ChangeAction
- RegexPatternString required RegexPatternString
RegexPatternSetUpdates
- RegexPatternSetUpdates
array
- items RegexPatternSetUpdate
RegexPatternString
- RegexPatternString
string
RegexPatternStrings
- RegexPatternStrings
array
- items RegexPatternString
ResourceId
- ResourceId
string
ResourceName
- ResourceName
string
Rule
- Rule
object
:A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a
Rule
that includes the following predicates:-
An
IPSet
that causes AWS WAF to search for web requests that originate from the IP address192.0.2.44
-
A
ByteMatchSet
that causes AWS WAF to search for web requests for which the value of theUser-Agent
header isBadBot
.
To match the settings in this
Rule
, a request must originate from192.0.2.44
AND include aUser-Agent
header for which the value isBadBot
.- MetricName MetricName
- Name ResourceName
- Predicates required Predicates
- RuleId required ResourceId
-
RuleGroup
- RuleGroup
object
:A collection of predefined rules that you can add to a web ACL.
Rule groups are subject to the following limits:
-
Three rule groups per account. You can request an increase to this limit by contacting customer support.
-
One rule group per web ACL.
-
Ten rules per rule group.
- MetricName MetricName
- Name ResourceName
- RuleGroupId required ResourceId
-
RuleGroupSummaries
- RuleGroupSummaries
array
- items RuleGroupSummary
RuleGroupSummary
- RuleGroupSummary
object
: Contains the identifier and the friendly name or description of theRuleGroup
.- Name required ResourceName
- RuleGroupId required ResourceId
RuleGroupUpdate
- RuleGroupUpdate
object
: Specifies anActivatedRule
and indicates whether you want to add it to aRuleGroup
or delete it from aRuleGroup
.- Action required ChangeAction
- ActivatedRule required ActivatedRule
RuleGroupUpdates
- RuleGroupUpdates
array
- items RuleGroupUpdate
RulePriority
- RulePriority
integer
RuleSummaries
- RuleSummaries
array
- items RuleSummary
RuleSummary
- RuleSummary
object
: Contains the identifier and the friendly name or description of theRule
.- Name required ResourceName
- RuleId required ResourceId
RuleUpdate
- RuleUpdate
object
: Specifies aPredicate
(such as anIPSet
) and indicates whether you want to add it to aRule
or delete it from aRule
.- Action required ChangeAction
- Predicate required Predicate
RuleUpdates
- RuleUpdates
array
- items RuleUpdate
SampleWeight
- SampleWeight
integer
SampledHTTPRequest
- SampledHTTPRequest
object
: The response from a GetSampledRequests request includes aSampledHTTPRequests
complex type that appears asSampledRequests
in the response syntax.SampledHTTPRequests
contains oneSampledHTTPRequest
object for each web request that is returned byGetSampledRequests
.- Action Action
- Request required HTTPRequest
- RuleWithinRuleGroup ResourceId
- Timestamp Timestamp
- Weight required SampleWeight
SampledHTTPRequests
- SampledHTTPRequests
array
- items SampledHTTPRequest
Size
- Size
integer
SizeConstraint
- SizeConstraint
object
: Specifies a constraint on the size of a part of the web request. AWS WAF uses theSize
,ComparisonOperator
, andFieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes ofFieldToMatch
". If that expression is true, theSizeConstraint
is considered to match.- ComparisonOperator required ComparisonOperator
- FieldToMatch required FieldToMatch
- Size required Size
- TextTransformation required TextTransformation
SizeConstraintSet
- SizeConstraintSet
object
: A complex type that containsSizeConstraint
objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If aSizeConstraintSet
contains more than oneSizeConstraint
object, a request only needs to match one constraint to be considered a match.- Name ResourceName
- SizeConstraintSetId required ResourceId
- SizeConstraints required SizeConstraints
SizeConstraintSetSummaries
- SizeConstraintSetSummaries
array
- items SizeConstraintSetSummary
SizeConstraintSetSummary
- SizeConstraintSetSummary
object
: TheId
andName
of aSizeConstraintSet
.- Name required ResourceName
- SizeConstraintSetId required ResourceId
SizeConstraintSetUpdate
- SizeConstraintSetUpdate
object
: Specifies the part of a web request that you want to inspect the size of and indicates whether you want to add the specification to a SizeConstraintSet or delete it from aSizeConstraintSet
.- Action required ChangeAction
- SizeConstraint required SizeConstraint
SizeConstraintSetUpdates
- SizeConstraintSetUpdates
array
- items SizeConstraintSetUpdate
SizeConstraints
- SizeConstraints
array
- items SizeConstraint
SqlInjectionMatchSet
- SqlInjectionMatchSet
object
: A complex type that containsSqlInjectionMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If aSqlInjectionMatchSet
contains more than oneSqlInjectionMatchTuple
object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.- Name ResourceName
- SqlInjectionMatchSetId required ResourceId
- SqlInjectionMatchTuples required SqlInjectionMatchTuples
SqlInjectionMatchSetSummaries
- SqlInjectionMatchSetSummaries
array
SqlInjectionMatchSetSummary
- SqlInjectionMatchSetSummary
object
: TheId
andName
of aSqlInjectionMatchSet
.- Name required ResourceName
- SqlInjectionMatchSetId required ResourceId
SqlInjectionMatchSetUpdate
- SqlInjectionMatchSetUpdate
object
: Specifies the part of a web request that you want to inspect for snippets of malicious SQL code and indicates whether you want to add the specification to a SqlInjectionMatchSet or delete it from aSqlInjectionMatchSet
.- Action required ChangeAction
- SqlInjectionMatchTuple required SqlInjectionMatchTuple
SqlInjectionMatchSetUpdates
- SqlInjectionMatchSetUpdates
array
SqlInjectionMatchTuple
- SqlInjectionMatchTuple
object
: Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.- FieldToMatch required FieldToMatch
- TextTransformation required TextTransformation
SqlInjectionMatchTuples
- SqlInjectionMatchTuples
array
- items SqlInjectionMatchTuple
SubscribedRuleGroupSummaries
- SubscribedRuleGroupSummaries
array
SubscribedRuleGroupSummary
- SubscribedRuleGroupSummary
object
: A summary of the rule groups you are subscribed to.- MetricName required MetricName
- Name required ResourceName
- RuleGroupId required ResourceId
TextTransformation
- TextTransformation
string
(values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE)
TimeWindow
- TimeWindow
object
:In a GetSampledRequests request, the
StartTime
andEndTime
objects specify the time range for which you want AWS WAF to return a sample of web requests.In a GetSampledRequests response, the
StartTime
andEndTime
objects specify the time range for which AWS WAF actually returned a sample of web requests. AWS WAF gets the specified number of requests from among the first 5,000 requests that your AWS resource receives during the specified time period. If your resource receives more than 5,000 requests during that period, AWS WAF stops sampling after the 5,000th request. In that case,EndTime
is the time that AWS WAF received the 5,000th request.
Timestamp
- Timestamp
string
URIString
- URIString
string
UpdateByteMatchSetRequest
- UpdateByteMatchSetRequest
object
- ByteMatchSetId required ResourceId
- ChangeToken required ChangeToken
- Updates required ByteMatchSetUpdates
UpdateByteMatchSetResponse
- UpdateByteMatchSetResponse
object
- ChangeToken ChangeToken
UpdateGeoMatchSetRequest
- UpdateGeoMatchSetRequest
object
- ChangeToken required ChangeToken
- GeoMatchSetId required ResourceId
- Updates required GeoMatchSetUpdates
UpdateGeoMatchSetResponse
- UpdateGeoMatchSetResponse
object
- ChangeToken ChangeToken
UpdateIPSetRequest
- UpdateIPSetRequest
object
- ChangeToken required ChangeToken
- IPSetId required ResourceId
- Updates required IPSetUpdates
UpdateIPSetResponse
- UpdateIPSetResponse
object
- ChangeToken ChangeToken
UpdateRateBasedRuleRequest
- UpdateRateBasedRuleRequest
object
- ChangeToken required ChangeToken
- RateLimit required RateLimit
- RuleId required ResourceId
- Updates required RuleUpdates
UpdateRateBasedRuleResponse
- UpdateRateBasedRuleResponse
object
- ChangeToken ChangeToken
UpdateRegexMatchSetRequest
- UpdateRegexMatchSetRequest
object
- ChangeToken required ChangeToken
- RegexMatchSetId required ResourceId
- Updates required RegexMatchSetUpdates
UpdateRegexMatchSetResponse
- UpdateRegexMatchSetResponse
object
- ChangeToken ChangeToken
UpdateRegexPatternSetRequest
- UpdateRegexPatternSetRequest
object
- ChangeToken required ChangeToken
- RegexPatternSetId required ResourceId
- Updates required RegexPatternSetUpdates
UpdateRegexPatternSetResponse
- UpdateRegexPatternSetResponse
object
- ChangeToken ChangeToken
UpdateRuleGroupRequest
- UpdateRuleGroupRequest
object
- ChangeToken required ChangeToken
- RuleGroupId required ResourceId
- Updates required RuleGroupUpdates
UpdateRuleGroupResponse
- UpdateRuleGroupResponse
object
- ChangeToken ChangeToken
UpdateRuleRequest
- UpdateRuleRequest
object
- ChangeToken required ChangeToken
- RuleId required ResourceId
- Updates required RuleUpdates
UpdateRuleResponse
- UpdateRuleResponse
object
- ChangeToken ChangeToken
UpdateSizeConstraintSetRequest
- UpdateSizeConstraintSetRequest
object
- ChangeToken required ChangeToken
- SizeConstraintSetId required ResourceId
- Updates required SizeConstraintSetUpdates
UpdateSizeConstraintSetResponse
- UpdateSizeConstraintSetResponse
object
- ChangeToken ChangeToken
UpdateSqlInjectionMatchSetRequest
- UpdateSqlInjectionMatchSetRequest
object
: A request to update a SqlInjectionMatchSet.- ChangeToken required ChangeToken
- SqlInjectionMatchSetId required ResourceId
- Updates required SqlInjectionMatchSetUpdates
UpdateSqlInjectionMatchSetResponse
- UpdateSqlInjectionMatchSetResponse
object
: The response to an UpdateSqlInjectionMatchSets request.- ChangeToken ChangeToken
UpdateWebACLRequest
- UpdateWebACLRequest
object
- ChangeToken required ChangeToken
- DefaultAction WafAction
- Updates WebACLUpdates
- WebACLId required ResourceId
UpdateWebACLResponse
- UpdateWebACLResponse
object
- ChangeToken ChangeToken
UpdateXssMatchSetRequest
- UpdateXssMatchSetRequest
object
: A request to update an XssMatchSet.- ChangeToken required ChangeToken
- Updates required XssMatchSetUpdates
- XssMatchSetId required ResourceId
UpdateXssMatchSetResponse
- UpdateXssMatchSetResponse
object
: The response to an UpdateXssMatchSets request.- ChangeToken ChangeToken
WAFDisallowedNameException
- WAFDisallowedNameException
object
: The name specified is invalid.- message errorMessage
WAFInternalErrorException
- WAFInternalErrorException
object
: The operation failed because of a system problem, even though the request was valid. Retry your request.- message errorMessage
WAFInvalidAccountException
- WAFInvalidAccountException
object
: The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
WAFInvalidOperationException
- WAFInvalidOperationException
object
:The operation failed because there was nothing to do. For example:
-
You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. -
You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. -
You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. -
You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. -
You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. -
You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- message errorMessage
-
WAFInvalidParameterException
- WAFInvalidParameterException
object
:The operation failed because AWS WAF didn't recognize a parameter in the request. For example:
-
You specified an invalid parameter name.
-
You specified an invalid value.
-
You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. -
You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. -
You tried to create a
RateBasedRule
with aRateKey
value other thanIP
. -
You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. -
You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, METHOD, QUERY_STRING, URI, or BODY. -
You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
. -
Your request references an ARN that is malformed, or corresponds to a resource with which a web ACL cannot be associated.
- field ParameterExceptionField
- parameter ParameterExceptionParameter
- reason ParameterExceptionReason
-
WAFInvalidRegexPatternException
- WAFInvalidRegexPatternException
object
: The regular expression (regex) you specified inRegexPatternString
is invalid.- message errorMessage
WAFLimitsExceededException
- WAFLimitsExceededException
object
: The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.- message errorMessage
WAFNonEmptyEntityException
- WAFNonEmptyEntityException
object
:The operation failed because you tried to delete an object that isn't empty. For example:
-
You tried to delete a
WebACL
that still contains one or moreRule
objects. -
You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. -
You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. -
You tried to delete an
IPSet
that references one or more IP addresses.
- message errorMessage
-
WAFNonexistentContainerException
- WAFNonexistentContainerException
object
:The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:
-
You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. -
You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. -
You tried to add an IP address to or delete an IP address from an
IPSet
that doesn't exist. -
You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- message errorMessage
-
WAFNonexistentItemException
- WAFNonexistentItemException
object
: The operation failed because the referenced object doesn't exist.- message errorMessage
WAFReferencedItemException
- WAFReferencedItemException
object
:The operation failed because you tried to delete an object that is still in use. For example:
-
You tried to delete a
ByteMatchSet
that is still referenced by aRule
. -
You tried to delete a
Rule
that is still referenced by aWebACL
.
- message errorMessage
-
WAFStaleDataException
- WAFStaleDataException
object
: The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.- message errorMessage
WAFSubscriptionNotFoundException
- WAFSubscriptionNotFoundException
object
: The specified subscription does not exist.- message errorMessage
WafAction
- WafAction
object
: For the action that is associated with a rule in aWebACL
, specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in aWebACL
, specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in aWebACL
.- Type required WafActionType
WafActionType
- WafActionType
string
(values: BLOCK, ALLOW, COUNT)
WafOverrideAction
- WafOverrideAction
object
: The action to take if any rule within theRuleGroup
matches a request.- Type required WafOverrideActionType
WafOverrideActionType
- WafOverrideActionType
string
(values: NONE, COUNT)
WafRuleType
- WafRuleType
string
(values: REGULAR, RATE_BASED, GROUP)
WebACL
- WebACL
object
: Contains theRules
that identify the requests that you want to allow, block, or count. In aWebACL
, you also specify a default action (ALLOW
orBLOCK
), and the action for eachRule
that you add to aWebACL
, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate theWebACL
with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than oneRule
to aWebACL
, a request needs to match only one of the specifications to be allowed, blocked, or counted. For more information, see UpdateWebACL.- DefaultAction required WafAction
- MetricName MetricName
- Name ResourceName
- Rules required ActivatedRules
- WebACLId required ResourceId
WebACLSummaries
- WebACLSummaries
array
- items WebACLSummary
WebACLSummary
- WebACLSummary
object
: Contains the identifier and the name or description of the WebACL.- Name required ResourceName
- WebACLId required ResourceId
WebACLUpdate
- WebACLUpdate
object
: Specifies whether to insert aRule
into or delete aRule
from aWebACL
.- Action required ChangeAction
- ActivatedRule required ActivatedRule
WebACLUpdates
- WebACLUpdates
array
- items WebACLUpdate
XssMatchSet
- XssMatchSet
object
: A complex type that containsXssMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If aXssMatchSet
contains more than oneXssMatchTuple
object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.- Name ResourceName
- XssMatchSetId required ResourceId
- XssMatchTuples required XssMatchTuples
XssMatchSetSummaries
- XssMatchSetSummaries
array
- items XssMatchSetSummary
XssMatchSetSummary
- XssMatchSetSummary
object
: TheId
andName
of anXssMatchSet
.- Name required ResourceName
- XssMatchSetId required ResourceId
XssMatchSetUpdate
- XssMatchSetUpdate
object
: Specifies the part of a web request that you want to inspect for cross-site scripting attacks and indicates whether you want to add the specification to an XssMatchSet or delete it from anXssMatchSet
.- Action required ChangeAction
- XssMatchTuple required XssMatchTuple
XssMatchSetUpdates
- XssMatchSetUpdates
array
- items XssMatchSetUpdate
XssMatchTuple
- XssMatchTuple
object
: Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.- FieldToMatch required FieldToMatch
- TextTransformation required TextTransformation
XssMatchTuples
- XssMatchTuples
array
- items XssMatchTuple
errorMessage
- errorMessage
string