aws-cdk-lib.aws_wafv2.CfnRuleGroup.RuleProperty

interface RuleProperty

LanguageType name
.NETAmazon.CDK.AWS.WAFv2.CfnRuleGroup.RuleProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awswafv2#CfnRuleGroup_RuleProperty
Javasoftware.amazon.awscdk.services.wafv2.CfnRuleGroup.RuleProperty
Pythonaws_cdk.aws_wafv2.CfnRuleGroup.RuleProperty
TypeScript aws-cdk-lib » aws_wafv2 » CfnRuleGroup » RuleProperty

A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to allow, block, or count.

Each rule includes one top-level Statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_wafv2 as wafv2 } from 'aws-cdk-lib';

declare const all: any;
declare const allow: any;
declare const allQueryArguments: any;
declare const block: any;
declare const captcha: any;
declare const challenge: any;
declare const count: any;
declare const method: any;
declare const queryString: any;
declare const singleHeader: any;
declare const singleQueryArgument: any;
declare const statementProperty_: wafv2.CfnRuleGroup.StatementProperty;
declare const uriPath: any;
const ruleProperty: wafv2.CfnRuleGroup.RuleProperty = {
  name: 'name',
  priority: 123,
  statement: {
    andStatement: {
      statements: [statementProperty_],
    },
    byteMatchStatement: {
      fieldToMatch: {
        allQueryArguments: allQueryArguments,
        body: {
          oversizeHandling: 'oversizeHandling',
        },
        cookies: {
          matchPattern: {
            all: all,
            excludedCookies: ['excludedCookies'],
            includedCookies: ['includedCookies'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        headers: {
          matchPattern: {
            all: all,
            excludedHeaders: ['excludedHeaders'],
            includedHeaders: ['includedHeaders'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        jsonBody: {
          matchPattern: {
            all: all,
            includedPaths: ['includedPaths'],
          },
          matchScope: 'matchScope',

          // the properties below are optional
          invalidFallbackBehavior: 'invalidFallbackBehavior',
          oversizeHandling: 'oversizeHandling',
        },
        method: method,
        queryString: queryString,
        singleHeader: singleHeader,
        singleQueryArgument: singleQueryArgument,
        uriPath: uriPath,
      },
      positionalConstraint: 'positionalConstraint',
      textTransformations: [{
        priority: 123,
        type: 'type',
      }],

      // the properties below are optional
      searchString: 'searchString',
      searchStringBase64: 'searchStringBase64',
    },
    geoMatchStatement: {
      countryCodes: ['countryCodes'],
      forwardedIpConfig: {
        fallbackBehavior: 'fallbackBehavior',
        headerName: 'headerName',
      },
    },
    ipSetReferenceStatement: {
      arn: 'arn',

      // the properties below are optional
      ipSetForwardedIpConfig: {
        fallbackBehavior: 'fallbackBehavior',
        headerName: 'headerName',
        position: 'position',
      },
    },
    labelMatchStatement: {
      key: 'key',
      scope: 'scope',
    },
    notStatement: {
      statement: statementProperty_,
    },
    orStatement: {
      statements: [statementProperty_],
    },
    rateBasedStatement: {
      aggregateKeyType: 'aggregateKeyType',
      limit: 123,

      // the properties below are optional
      forwardedIpConfig: {
        fallbackBehavior: 'fallbackBehavior',
        headerName: 'headerName',
      },
      scopeDownStatement: statementProperty_,
    },
    regexMatchStatement: {
      fieldToMatch: {
        allQueryArguments: allQueryArguments,
        body: {
          oversizeHandling: 'oversizeHandling',
        },
        cookies: {
          matchPattern: {
            all: all,
            excludedCookies: ['excludedCookies'],
            includedCookies: ['includedCookies'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        headers: {
          matchPattern: {
            all: all,
            excludedHeaders: ['excludedHeaders'],
            includedHeaders: ['includedHeaders'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        jsonBody: {
          matchPattern: {
            all: all,
            includedPaths: ['includedPaths'],
          },
          matchScope: 'matchScope',

          // the properties below are optional
          invalidFallbackBehavior: 'invalidFallbackBehavior',
          oversizeHandling: 'oversizeHandling',
        },
        method: method,
        queryString: queryString,
        singleHeader: singleHeader,
        singleQueryArgument: singleQueryArgument,
        uriPath: uriPath,
      },
      regexString: 'regexString',
      textTransformations: [{
        priority: 123,
        type: 'type',
      }],
    },
    regexPatternSetReferenceStatement: {
      arn: 'arn',
      fieldToMatch: {
        allQueryArguments: allQueryArguments,
        body: {
          oversizeHandling: 'oversizeHandling',
        },
        cookies: {
          matchPattern: {
            all: all,
            excludedCookies: ['excludedCookies'],
            includedCookies: ['includedCookies'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        headers: {
          matchPattern: {
            all: all,
            excludedHeaders: ['excludedHeaders'],
            includedHeaders: ['includedHeaders'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        jsonBody: {
          matchPattern: {
            all: all,
            includedPaths: ['includedPaths'],
          },
          matchScope: 'matchScope',

          // the properties below are optional
          invalidFallbackBehavior: 'invalidFallbackBehavior',
          oversizeHandling: 'oversizeHandling',
        },
        method: method,
        queryString: queryString,
        singleHeader: singleHeader,
        singleQueryArgument: singleQueryArgument,
        uriPath: uriPath,
      },
      textTransformations: [{
        priority: 123,
        type: 'type',
      }],
    },
    sizeConstraintStatement: {
      comparisonOperator: 'comparisonOperator',
      fieldToMatch: {
        allQueryArguments: allQueryArguments,
        body: {
          oversizeHandling: 'oversizeHandling',
        },
        cookies: {
          matchPattern: {
            all: all,
            excludedCookies: ['excludedCookies'],
            includedCookies: ['includedCookies'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        headers: {
          matchPattern: {
            all: all,
            excludedHeaders: ['excludedHeaders'],
            includedHeaders: ['includedHeaders'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        jsonBody: {
          matchPattern: {
            all: all,
            includedPaths: ['includedPaths'],
          },
          matchScope: 'matchScope',

          // the properties below are optional
          invalidFallbackBehavior: 'invalidFallbackBehavior',
          oversizeHandling: 'oversizeHandling',
        },
        method: method,
        queryString: queryString,
        singleHeader: singleHeader,
        singleQueryArgument: singleQueryArgument,
        uriPath: uriPath,
      },
      size: 123,
      textTransformations: [{
        priority: 123,
        type: 'type',
      }],
    },
    sqliMatchStatement: {
      fieldToMatch: {
        allQueryArguments: allQueryArguments,
        body: {
          oversizeHandling: 'oversizeHandling',
        },
        cookies: {
          matchPattern: {
            all: all,
            excludedCookies: ['excludedCookies'],
            includedCookies: ['includedCookies'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        headers: {
          matchPattern: {
            all: all,
            excludedHeaders: ['excludedHeaders'],
            includedHeaders: ['includedHeaders'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        jsonBody: {
          matchPattern: {
            all: all,
            includedPaths: ['includedPaths'],
          },
          matchScope: 'matchScope',

          // the properties below are optional
          invalidFallbackBehavior: 'invalidFallbackBehavior',
          oversizeHandling: 'oversizeHandling',
        },
        method: method,
        queryString: queryString,
        singleHeader: singleHeader,
        singleQueryArgument: singleQueryArgument,
        uriPath: uriPath,
      },
      textTransformations: [{
        priority: 123,
        type: 'type',
      }],

      // the properties below are optional
      sensitivityLevel: 'sensitivityLevel',
    },
    xssMatchStatement: {
      fieldToMatch: {
        allQueryArguments: allQueryArguments,
        body: {
          oversizeHandling: 'oversizeHandling',
        },
        cookies: {
          matchPattern: {
            all: all,
            excludedCookies: ['excludedCookies'],
            includedCookies: ['includedCookies'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        headers: {
          matchPattern: {
            all: all,
            excludedHeaders: ['excludedHeaders'],
            includedHeaders: ['includedHeaders'],
          },
          matchScope: 'matchScope',
          oversizeHandling: 'oversizeHandling',
        },
        jsonBody: {
          matchPattern: {
            all: all,
            includedPaths: ['includedPaths'],
          },
          matchScope: 'matchScope',

          // the properties below are optional
          invalidFallbackBehavior: 'invalidFallbackBehavior',
          oversizeHandling: 'oversizeHandling',
        },
        method: method,
        queryString: queryString,
        singleHeader: singleHeader,
        singleQueryArgument: singleQueryArgument,
        uriPath: uriPath,
      },
      textTransformations: [{
        priority: 123,
        type: 'type',
      }],
    },
  },
  visibilityConfig: {
    cloudWatchMetricsEnabled: false,
    metricName: 'metricName',
    sampledRequestsEnabled: false,
  },

  // the properties below are optional
  action: {
    allow: allow,
    block: block,
    captcha: captcha,
    challenge: challenge,
    count: count,
  },
  captchaConfig: {
    immunityTimeProperty: {
      immunityTime: 123,
    },
  },
  challengeConfig: {
    immunityTimeProperty: {
      immunityTime: 123,
    },
  },
  ruleLabels: [{
    name: 'name',
  }],
};

Properties

NameTypeDescription
namestringThe name of the rule.
prioritynumberIf you define more than one Rule in a WebACL , AWS WAF evaluates each request against the Rules in order based on the value of Priority .
statementIResolvable | StatementPropertyThe AWS WAF processing statement for the rule, for example ByteMatchStatement or SizeConstraintStatement .
visibilityConfigIResolvable | VisibilityConfigPropertyDefines and enables Amazon CloudWatch metrics and web request sample collection.
action?IResolvable | RuleActionPropertyThe action that AWS WAF should take on a web request when it matches the rule statement.
captchaConfig?IResolvable | CaptchaConfigPropertySpecifies how AWS WAF should handle CAPTCHA evaluations.
challengeConfig?IResolvable | ChallengeConfigPropertySpecifies how AWS WAF should handle Challenge evaluations.
ruleLabels?IResolvable | IResolvable | LabelProperty[]Labels to apply to web requests that match the rule match statement.

name

Type: string

The name of the rule.

You can't change the name of a Rule after you create it.


priority

Type: number

If you define more than one Rule in a WebACL , AWS WAF evaluates each request against the Rules in order based on the value of Priority .

AWS WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.


statement

Type: IResolvable | StatementProperty

The AWS WAF processing statement for the rule, for example ByteMatchStatement or SizeConstraintStatement .


visibilityConfig

Type: IResolvable | VisibilityConfigProperty

Defines and enables Amazon CloudWatch metrics and web request sample collection.


action?

Type: IResolvable | RuleActionProperty (optional)

The action that AWS WAF should take on a web request when it matches the rule statement.

Settings at the web ACL level can override the rule action setting.


captchaConfig?

Type: IResolvable | CaptchaConfigProperty (optional)

Specifies how AWS WAF should handle CAPTCHA evaluations.

If you don't specify this, AWS WAF uses the CAPTCHA configuration that's defined for the web ACL.


challengeConfig?

Type: IResolvable | ChallengeConfigProperty (optional)

Specifies how AWS WAF should handle Challenge evaluations.

If you don't specify this, AWS WAF uses the challenge configuration that's defined for the web ACL.


ruleLabels?

Type: IResolvable | IResolvable | LabelProperty[] (optional)

Labels to apply to web requests that match the rule match statement.

AWS WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.

Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement .

For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:

  • Separate each component of the label with a colon.
  • Each namespace or name can have up to 128 characters.
  • You can specify up to 5 namespaces in a label.
  • Don't use the following reserved words in your label specification: aws , waf , managed , rulegroup , webacl , regexpatternset , or ipset .

For example, myLabelName or nameSpace1:nameSpace2:myLabelName .