AWS::WAFv2::WebACL ManagedRuleGroupConfig
Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Use the AWSManagedRulesBotControlRuleSet
configuration object to configure the
protection level that you want the Bot Control rule group to use.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AWSManagedRulesATPRuleSet" :
AWSManagedRulesATPRuleSet
, "AWSManagedRulesBotControlRuleSet" :AWSManagedRulesBotControlRuleSet
, "LoginPath" :String
, "PasswordField" :FieldIdentifier
, "PayloadType" :String
, "UsernameField" :FieldIdentifier
}
YAML
AWSManagedRulesATPRuleSet:
AWSManagedRulesATPRuleSet
AWSManagedRulesBotControlRuleSet:AWSManagedRulesBotControlRuleSet
LoginPath:String
PasswordField:FieldIdentifier
PayloadType:String
UsernameField:FieldIdentifier
Properties
AWSManagedRulesATPRuleSet
-
Additional configuration for using the account takeover prevention (ATP) managed rule group,
AWSManagedRulesATPRuleSet
. Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.This configuration replaces the individual configuration fields in
ManagedRuleGroupConfig
and provides additional feature configuration.For information about using the ATP managed rule group, see AWS WAF Fraud Control account takeover prevention (ATP) rule group and AWS WAF Fraud Control account takeover prevention (ATP) in the AWS WAF Developer Guide.
Required: No
Type: AWSManagedRulesATPRuleSet
Update requires: No interruption
AWSManagedRulesBotControlRuleSet
-
Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see AWS WAF Bot Control rule group and AWS WAF Bot Control in the AWS WAF Developer Guide.
Required: No
Type: AWSManagedRulesBotControlRuleSet
Update requires: No interruption
LoginPath
-
Note Instead of this setting, provide your configuration under
AWSManagedRulesATPRuleSet
.Required: No
Type: String
Minimum:
1
Maximum:
256
Pattern:
.*\S.*
Update requires: No interruption
PasswordField
-
Note Instead of this setting, provide your configuration under
AWSManagedRulesATPRuleSet
RequestInspection
.Required: No
Type: FieldIdentifier
Update requires: No interruption
PayloadType
-
Note Instead of this setting, provide your configuration under
AWSManagedRulesATPRuleSet
RequestInspection
.Required: No
Type: String
Allowed values:
FORM_ENCODED | JSON
Update requires: No interruption
UsernameField
-
Note Instead of this setting, provide your configuration under
AWSManagedRulesATPRuleSet
RequestInspection
.Required: No
Type: FieldIdentifier
Update requires: No interruption