AWS::WAFv2::RuleGroup RuleAction

The action that AWS WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Allow" : AllowAction,
  "Block" : BlockAction,
  "Captcha" : CaptchaAction,
  "Challenge" : ChallengeAction,
  "Count" : CountAction
}

YAML


  Allow: 
    AllowAction
  Block: 
    BlockAction
  Captcha: 
    CaptchaAction
  Challenge: 
    ChallengeAction
  Count: 
    CountAction

Properties

Allow

Instructs AWS WAF to allow the web request.

Required: No

Type: AllowAction

Update requires: No interruption

Block

Instructs AWS WAF to block the web request.

Required: No

Type: BlockAction

Update requires: No interruption

Captcha

Specifies that AWS WAF should run a CAPTCHA check against the request:

If the request includes a valid, unexpired CAPTCHA token, AWS WAF allows the web request inspection to proceed to the next rule, similar to a CountAction.
If the request doesn't include a valid, unexpired CAPTCHA token, AWS WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.

AWS WAF generates a response that it sends back to the client, which includes the following:
- The header x-amzn-waf-action with a value of captcha.
- The HTTP status code 405 Method Not Allowed.
- If the request contains an Accept header with a value of text/html, the response includes a CAPTCHA challenge.

You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.

This action option is available for rules. It isn't available for web ACL default actions.

Required: No

Type: CaptchaAction

Update requires: No interruption

Challenge

Instructs AWS WAF to run a Challenge check against the web request.

Required: No

Type: ChallengeAction

Update requires: No interruption

Count

Instructs AWS WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.

Required: No

Type: CountAction

Update requires: No interruption

Examples

Set an allow action

The following shows an example allow action specification.

YAML


Action:
  Allow: {}

JSON


"Action": {
  "Allow": {}
}

Set an allow action with a custom request setting

The following shows an example allow action specification with custom request handling.

YAML


Action:
  Allow:
    CustomRequestHandling:
      InsertHeaders:
        - Name: AllowActionHeader1Name
          Value: AllowActionHeader1Value
        - Name: AllowActionHeader2Name
          Value: AllowActionHeader2Value

JSON


"Action": {
  "Allow": {
    "CustomRequestHandling": {
      "InsertHeaders": [
        {
          "Name": "AllowActionHeader1Name",
          "Value": "AllowActionHeader1Value"
        },
        {
          "Name": "AllowActionHeader2Name",
          "Value": "AllowActionHeader2Value"
        }
      ]
    }
  }
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Rule

SingleHeader