AWS::WAFv2::RuleGroup Body

Inspect the body of the web request. The body immediately follows the request headers.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "OversizeHandling" : String }

YAML

OversizeHandling: String

Properties

OversizeHandling

What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to AWS WAF by the underlying host service.

The options for oversize handling are the following:

  • CONTINUE - Inspect the body normally, according to the rule inspection criteria.

  • MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB.

Default: CONTINUE

Required: No

Type: String

Allowed values: CONTINUE | MATCH | NO_MATCH

Update requires: No interruption

Examples

Set the Body specification

The following shows an example Body field to match specification.

YAML

FieldToMatch: Body: OversizeHandling: MATCH

JSON

"FieldToMatch": { "Body": { "OversizeHandling": "MATCH" } }