AWS::WAFv2::WebACL RequestInspection

The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.

This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.

In these settings, you specify how your application accepts login attempts by providing the request payload type and the names of the fields within the request body where the username and password are provided.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "PasswordField" : FieldIdentifier,
  "PayloadType" : String,
  "UsernameField" : FieldIdentifier
}

YAML


  PasswordField: 
    FieldIdentifier
  PayloadType: String
  UsernameField: 
    FieldIdentifier

Properties

PasswordField

The name of the field in the request payload that contains your customer's password.

How you specify this depends on the request inspection payload type.

For JSON payloads, specify the field name in JSON pointer syntax. For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer.

For example, for the JSON payload { "form": { "password": "THE_PASSWORD" } }, the password field specification is /form/password.
For form encoded payload types, use the HTML form names.

For example, for an HTML form with the input element named password1, the password field specification is password1.

Required: Yes

Type: FieldIdentifier

Update requires: No interruption

PayloadType

The payload type for your login endpoint, either JSON or form encoded.

Required: Yes

Type: String

Allowed values: JSON | FORM_ENCODED

Update requires: No interruption

UsernameField

The name of the field in the request payload that contains your customer's username.

How you specify this depends on the request inspection payload type.

For JSON payloads, specify the field name in JSON pointer syntax. For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer.

For example, for the JSON payload { "form": { "username": "THE_USERNAME" } }, the username field specification is /form/username.
For form encoded payload types, use the HTML form names.

For example, for an HTML form with the input element named username1, the username field specification is username1

Required: Yes

Type: FieldIdentifier

Update requires: No interruption

Examples

Configure the request inspection fields for a JSON payload
Configure the request inspection fields for a form encoded payload

Configure the request inspection fields for a JSON payload

The following shows an example RequestInspection for a JSON payload type.

YAML


RequestInspection:
  PayloadType: JSON
  UsernameField:
    Identifier: /form/username
  PasswordField:
    Identifier: /form/password

JSON


"RequestInspection": {
      "PayloadType": "JSON",
      "UsernameField": {
          "Identifier": "/form/username"
      },
      "PasswordField": {
          "Identifier": "/form/password"
      }
  }

Configure the request inspection fields for a form encoded payload

The following shows an example RequestInspection for a form encoded payload type.

YAML


RequestInspection:
  PayloadType: FORM_ENCODED
  UsernameField:
    Identifier: username
  PasswordField:
    Identifier: password

JSON


"RequestInspection": {
      "PayloadType": "FORM_ENCODED",
      "UsernameField": {
          "Identifier": "username"
      },
      "PasswordField": {
          "Identifier": "password"
      }
  }

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

RequestBodyAssociatedResourceTypeConfig

RequestInspectionACFP