AWS::WAFv2::WebACL FieldToMatch
This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.
The part of a web request that you want AWS WAF to inspect. Include the FieldToMatch
types that you want to inspect, with additional specifications as needed, according
to the type.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AllQueryArguments" :
Json
, "Body" :Json
, "Method" :Json
, "QueryString" :Json
, "SingleHeader" :Json
, "SingleQueryArgument" :Json
, "UriPath" :Json
}
YAML
AllQueryArguments:
Json
Body:Json
Method:Json
QueryString:Json
SingleHeader:Json
SingleQueryArgument:Json
UriPath:Json
Properties
AllQueryArguments
-
Inspect all query arguments.
Required: No
Type: Json
Update requires: No interruption
Body
-
Inspect the request body, which immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Note that only the first 8 KB (8192 bytes) of the request body are forwarded to AWS WAF for inspection. If you don't need to inspect more than 8 KB, you can guarantee that you don't allow additional bytes in by combining a statement that inspects the body of the web request, such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a SizeConstraintStatement that enforces an 8 KB size limit on the body of the request. AWS WAF doesn't support inspecting the entire contents of web requests whose bodies exceed the 8 KB limit.
Required: No
Type: Json
Update requires: No interruption
Method
-
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
Required: No
Type: Json
Update requires: No interruption
QueryString
-
Inspect the query string. This is the part of a URL that appears after a
?
character, if any.Required: No
Type: Json
Update requires: No interruption
SingleHeader
-
Inspect a single header. Provide the name of the header to inspect, for example,
User-Agent
orReferer
. This setting isn't case sensitive.Required: No
Type: Json
Update requires: No interruption
SingleQueryArgument
-
Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Required: No
Type: Json
Update requires: No interruption
UriPath
-
Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg
.Required: No
Type: Json
Update requires: No interruption