Package-level declarations
Types
A single action condition.
A single label name condition.
A key-value pair to associate with a resource.
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
Allow traffic towards application.
Block traffic towards application.
The body of a web request. This immediately follows the request headers.
Byte Match statement.
Checks valid token exists with request.
Checks that the request has a valid token with an unexpired challenge timestamp and, if not, returns a browser challenge to the client.
Includes cookies of a web request.
Count traffic towards application.
HTTP header.
Custom request handling.
Custom response.
Custom response body.
Field of the request to match.
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn't case sensitive. Example JSON: "SingleHeader": { "Name": "haystack" } Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Includes headers of a web request.
Includes the JA3 fingerprint of a web request.
Inspect the request body as JSON. The request body immediately follows the request headers.
The pattern to look for in the JSON body.
Specifies a single custom aggregate key for a rate-base rule.
Specifies a cookie as an aggregate key for a rate-based rule.
Specifies the first IP address in an HTTP header as an aggregate key for a rate-based rule.
Specifies a header as an aggregate key for a rate-based rule.
Specifies the request's HTTP method as an aggregate key for a rate-based rule.
Specifies the IP address in the web request as an aggregate key for a rate-based rule.
Specifies a label namespace to use as an aggregate key for a rate-based rule.
Specifies a query argument in the request as an aggregate key for a rate-based rule.
Specifies the request's query string as an aggregate key for a rate-based rule.
Specifies the request's URI Path as an aggregate key for a rate-based rule.
Rule of RuleGroup that contains condition and action.
Action taken when Rule matches its condition.
Size Constraint statement.
Sqli Match Statement.
First level statement that contains conditions, such as ByteMatch, SizeConstraint, etc
Text Transformation on the Search String before match.
Visibility Metric of the RuleGroup.
Xss Match Statement.
Allow traffic towards application.
AssociationConfig for body inspection
Configures how to use the Account creation fraud prevention managed rule group in the web ACL
Configures how to use the Account Takeover Prevention managed rule group in the web ACL
Configures how to use the Bot Control managed rule group in the web ACL
Block traffic towards application.
The body of a web request. This immediately follows the request headers.
Byte Match statement.
Checks valid token exists with request.
Checks that the request has a valid token with an unexpired challenge timestamp and, if not, returns a browser challenge to the client.
Includes cookies of a web request.
Allow traffic towards application.
HTTP header.
Custom request handling.
Custom response.
Custom response body.
Default Action WebACL will take against ingress traffic when there is no matching Rule.
Excluded Rule in the RuleGroup or ManagedRuleGroup will not be evaluated.
Field of the request to match.
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn't case sensitive. Example JSON: "SingleHeader": { "Name": "haystack" } Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Includes headers of a web request.
Includes the JA3 fingerprint of a web request.
Inspect the request body as JSON. The request body immediately follows the request headers.
The pattern to look for in the JSON body.
ManagedRuleGroupConfig.
Override a RuleGroup or ManagedRuleGroup behavior. This can only be applied to Rule that has RuleGroupReferenceStatement or ManagedRuleGroupReferenceStatement.
Specifies a single custom aggregate key for a rate-base rule.
Specifies a cookie as an aggregate key for a rate-based rule.
Specifies the first IP address in an HTTP header as an aggregate key for a rate-based rule.
Specifies a header as an aggregate key for a rate-based rule.
Specifies the request's HTTP method as an aggregate key for a rate-based rule.
Specifies the IP address in the web request as an aggregate key for a rate-based rule.
Specifies a label namespace to use as an aggregate key for a rate-based rule.
Specifies a query argument in the request as an aggregate key for a rate-based rule.
Specifies the request's query string as an aggregate key for a rate-based rule.
Specifies the request's URI Path as an aggregate key for a rate-based rule.
Configures the inspection size in the request body.
Configures the inspection of login requests
Configures the inspection of sign-up requests
Configures the inspection of login responses
Response body contents that indicate success or failure of a login request
Response status codes that indicate success or failure of a login request
Rule of WebACL that contains condition and action.
Action taken when Rule matches its condition.
Action override for rules in the rule group.
Size Constraint statement.
Sqli Match Statement.
First level statement that contains conditions, such as ByteMatch, SizeConstraint, etc
Text Transformation on the Search String before match.
Visibility Metric of the WebACL.
Xss Match Statement.