Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS WAF Regional Rule Predicates

Predicates is a property of the AWS::WAFRegional::Rule resource that specifies the ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in an AWS WAF Regional rule. If you add more than one predicate to a rule, an incoming request must match all of the specifications in the predicates to be allowed or blocked.

Syntax

JSON

Copy
{ "DataId" : String, "Negated" : Boolean, "Type" : String }

YAML

Copy
DataId: String Negated: Boolean Type: String

Properties

DataId

The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet.

Required: Yes

Type: String

Negated

Whether to use the settings or the negated settings that you specified in the ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects.

If you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects, specify false. For example, if an IPSet object includes the IP address 192.0.2.44, AWS WAF allows, blocks, or counts requests originating from that IP address.

If you want AWS WAF to allow, block, or count requests based on the negated settings in the ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects, specify true. For example, if an IPSet object includes the IP address 192.0.2.44, AWS WAF allows, blocks, or counts requests originating from all IP addresses except 192.0.2.44.

Required: Yes

Type: Boolean

Type

The type of predicate in a rule, such as an IPSet (IPMatch). For valid values, see the Type contents of the Predicate data type in the AWS WAF Regional API Reference.

Required: Yes

Type: String

On this page: