WebAclRule

Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

Labels to apply to web requests that match the rule match statement. See rule_label below for details.

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.