Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::WAF::ByteMatchSet

The AWS::WAF::ByteMatchSet resource creates an AWS WAF ByteMatchSet that identifies a part of a web request that you want to inspect. For more information, see CreateByteMatchSet in the AWS WAF API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy
{ "Type" : "AWS::WAF::ByteMatchSet", "Properties" : { "ByteMatchTuples" : [ Byte match tuple, ... ], "Name" : String } }

YAML

Copy
Type: "AWS::WAF::ByteMatchSet" Properties: ByteMatchTuples: - Byte match tuple Name: String

Properties

ByteMatchTuples

Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests.

Required: No

Type: List of AWS WAF ByteMatchSet ByteMatchTuples

Update requires: No interruption

Name

A friendly name or description of the ByteMatchSet.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Examples

HTTP Referers

The following example defines a set of HTTP referers to match.

JSON

Copy
"BadReferers": { "Type": "AWS::WAF::ByteMatchSet", "Properties": { "Name": "ByteMatch for matching bad HTTP referers", "ByteMatchTuples": [ { "FieldToMatch" : { "Type": "HEADER", "Data": "referer" }, "TargetString" : "badrefer1", "TextTransformation" : "NONE", "PositionalConstraint" : "CONTAINS" }, { "FieldToMatch" : { "Type": "HEADER", "Data": "referer" }, "TargetString" : "badrefer2", "TextTransformation" : "NONE", "PositionalConstraint" : "CONTAINS" } ] } }

YAML

Copy
BadReferers: Type: "AWS::WAF::ByteMatchSet" Properties: Name: "ByteMatch for matching bad HTTP referers" ByteMatchTuples: - FieldToMatch: Type: "HEADER" Data: "referer" TargetString: "badrefer1" TextTransformation: "NONE" PositionalConstraint: "CONTAINS" - FieldToMatch: Type: "HEADER" Data: "referer" TargetString: "badrefer2" TextTransformation: "NONE" PositionalConstraint: "CONTAINS"

Associate a ByteMatchSet with a Web ACL Rule

The following example associates the BadReferers byte match set with a web access control list (ACL) rule.

JSON

Copy
"BadReferersRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "BadReferersRule", "MetricName" : "BadReferersRule", "Predicates": [ { "DataId" : { "Ref" : "BadReferers" }, "Negated" : false, "Type" : "ByteMatch" } ] } }

YAML

Copy
BadReferersRule: Type: "AWS::WAF::Rule" Properties: Name: "BadReferersRule" MetricName: "BadReferersRule" Predicates: - DataId: Ref: "BadReferers" Negated: false Type: "ByteMatch"

Create a Web ACL

The following example associates the BadReferersRule rule with a web ACL. The web ACL allows all requests except for ones with referers that match the BadReferersRule rule.

JSON

Copy
"MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "WebACL to block blacklisted IP addresses", "DefaultAction": { "Type": "ALLOW" }, "MetricName" : "MyWebACL", "Rules": [ { "Action" : { "Type" : "BLOCK" }, "Priority" : 1, "RuleId" : { "Ref" : "BadReferersRule" } } ] } }

YAML

Copy
MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "WebACL to block blacklisted IP addresses" DefaultAction: Type: "ALLOW" MetricName: "MyWebACL" Rules: - Action: Type: "BLOCK" Priority: 1 RuleId: Ref: "BadReferersRule"