AWS::WAFv2::RuleGroup FieldToMatch
The part of the web request that you want AWS WAF to inspect. Include the single
FieldToMatch type that you want to inspect, with additional specifications
as needed, according to the type. You specify a single request component in
FieldToMatch for each rule statement that requires it. To inspect more than
one component of the web request, create a separate rule statement for each
component.
Example JSON for a QueryString field to match:
"FieldToMatch": { "QueryString": {} }
Example JSON for a Method field to match specification:
"FieldToMatch": { "Method": { "Name": "DELETE" } }
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AllQueryArguments" :Json, "Body" :Body, "Cookies" :Cookies, "Headers" :Headers, "JsonBody" :JsonBody, "Method" :Json, "QueryString" :Json, "SingleHeader" :SingleHeader, "SingleQueryArgument" :SingleQueryArgument, "UriPath" :Json}
YAML
AllQueryArguments:JsonBody:BodyCookies:CookiesHeaders:HeadersJsonBody:JsonBodyMethod:JsonQueryString:JsonSingleHeader:SingleHeaderSingleQueryArgument:SingleQueryArgumentUriPath:Json
Properties
AllQueryArguments-
Inspect all query arguments.
Required: No
Type: Json
Update requires: No interruption
Body-
Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
A limited amount of the request body is forwarded to AWS WAF for inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions, you can increase the limit in the web ACL's
AssociationConfig, for additional processing fees.For information about how to handle oversized request bodies, see the
Bodyobject configuration.Required: No
Type: Body
Update requires: No interruption
-
Inspect the request cookies. You must configure scope and pattern matching filters in the
Cookiesobject, to define the set of cookies and the parts of the cookies that AWS WAF inspects.Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
Cookiesobject. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.Required: No
Type: Cookies
Update requires: No interruption
Headers-
Inspect the request headers. You must configure scope and pattern matching filters in the
Headersobject, to define the set of headers to and the parts of the headers that AWS WAF inspects.Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the
Headersobject. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.Required: No
Type: Headers
Update requires: No interruption
JsonBody-
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
A limited amount of the request body is forwarded to AWS WAF for inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions, you can increase the limit in the web ACL's
AssociationConfig, for additional processing fees.For information about how to handle oversized request bodies, see the
JsonBodyobject configuration.Required: No
Type: JsonBody
Update requires: No interruption
Method-
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
Required: No
Type: Json
Update requires: No interruption
QueryString-
Inspect the query string. This is the part of a URL that appears after a
?character, if any.Required: No
Type: Json
Update requires: No interruption
SingleHeader-
Inspect a single header. Provide the name of the header to inspect, for example,
User-AgentorReferer. This setting isn't case sensitive.Example JSON:
"SingleHeader": { "Name": "haystack" }Alternately, you can filter and inspect all headers with the
HeadersFieldToMatchsetting.Required: No
Type: SingleHeader
Update requires: No interruption
SingleQueryArgument-
Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Example JSON:
"SingleQueryArgument": { "Name": "myArgument" }Required: No
Type: SingleQueryArgument
Update requires: No interruption
UriPath-
Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
/images/daily-ad.jpg.Required: No
Type: Json
Update requires: No interruption
Examples
Set the field to match to QueryString
The following shows an example field to match specification for a setting that doesn't requires additional configuration.
YAML
FieldToMatch: QueryString: {}
JSON
"FieldToMatch": { "QueryString": {} }
Set the field to match to Method
The following shows an example field to match specification for a setting that has additional configuration requirements.
YAML
FieldToMatch: Method: Name: DELETE
JSON
"FieldToMatch": { "Method": { "Name": "DELETE" } }
