AWS::WAFRegional::SizeConstraintSet - AWS CloudFormation

AWS::WAFRegional::SizeConstraintSet

Note

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A complex type that contains SizeConstraint objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a SizeConstraintSet contains more than one SizeConstraint object, a request only needs to match one constraint to be considered a match.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::WAFRegional::SizeConstraintSet", "Properties" : { "Name" : String, "SizeConstraints" : [ SizeConstraint, ... ] } }

YAML

Type: AWS::WAFRegional::SizeConstraintSet Properties: Name: String SizeConstraints: - SizeConstraint

Properties

Name

The name, if any, of the SizeConstraintSet.

Required: Yes

Type: String

Pattern: .*\S.*

Minimum: 1

Maximum: 128

Update requires: Replacement

SizeConstraints

The size constraint and the part of the web request to check.

Required: No

Type: Array of SizeConstraint

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Examples

Define a Size Constraint

The following example checks that the body of an HTTP request equals 4096 bytes.

JSON

"MySizeConstraint": { "Type": "AWS::WAFRegional::SizeConstraintSet", "Properties": { "Name": "SizeConstraints", "SizeConstraints": [ { "ComparisonOperator": "EQ", "FieldToMatch": { "Type": "BODY" }, "Size": "4096", "TextTransformation": "NONE" } ] } }

YAML

MySizeConstraint: Type: "AWS::WAFRegional::SizeConstraintSet" Properties: Name: "SizeConstraints" SizeConstraints: - ComparisonOperator: "EQ" FieldToMatch: Type: "BODY" Size: "4096" TextTransformation: "NONE"

Associate a SizeConstraintSet with a Web ACL Rule

The following example associates the MySizeConstraint object with a web ACL rule.

JSON

"SizeConstraintRule" : { "Type": "AWS::WAFRegional::Rule", "Properties": { "Name": "SizeConstraintRule", "MetricName" : "SizeConstraintRule", "Predicates": [ { "DataId" : { "Ref" : "MySizeConstraint" }, "Negated" : false, "Type" : "SizeConstraint" } ] } }

YAML

SizeConstraintRule: Type: "AWS::WAFRegional::Rule" Properties: Name: "SizeConstraintRule" MetricName: "SizeConstraintRule" Predicates: - DataId: Ref: "MySizeConstraint" Negated: false Type: "SizeConstraint"

Create a Web ACL

The following example associates the SizeConstraintRule rule with a web ACL. The web ACL blocks all requests except for requests with a body size equal to 4096 bytes.

JSON

"MyWebACL": { "Type": "AWS::WAFRegional::WebACL", "Properties": { "Name": "Web ACL to allow requests with a specific size", "DefaultAction": { "Type": "BLOCK" }, "MetricName" : "SizeConstraintWebACL", "Rules": [ { "Action" : { "Type" : "ALLOW" }, "Priority" : 1, "RuleId" : { "Ref" : "SizeConstraintRule" } } ] } }

YAML

MyWebACL: Type: "AWS::WAFRegional::WebACL" Properties: Name: "Web ACL to allow requests with a specific size" DefaultAction: Type: "BLOCK" MetricName: "SizeConstraintWebACL" Rules: - Action: Type: "ALLOW" Priority: 1 RuleId: Ref: "SizeConstraintRule"