AWS::WAF::SizeConstraintSet
Note
This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A complex type that contains SizeConstraint objects, which specify the parts of web requests that you
want AWS WAF to inspect the size of. If a SizeConstraintSet contains more than one SizeConstraint
object, a request only needs to match one constraint to be considered a match.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::WAF::SizeConstraintSet", "Properties" : { "Name" :String, "SizeConstraints" :[ SizeConstraint, ... ]} }
YAML
Type: AWS::WAF::SizeConstraintSet Properties: Name:StringSizeConstraints:- SizeConstraint
Properties
Name-
The name, if any, of the
SizeConstraintSet.Required: Yes
Type: String
Minimum:
1Maximum:
128Pattern:
.*\S.*Update requires: Replacement
SizeConstraints-
The size constraint and the part of the web request to check.
Required: Yes
Type: List of SizeConstraint
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.
For more information about using the Reffunction, see Ref.
Examples
Define a Size Constraint
The following example checks that the body of an HTTP request equals 4096 bytes.
JSON
"MySizeConstraint": { "Type": "AWS::WAF::SizeConstraintSet", "Properties": { "Name": "SizeConstraints", "SizeConstraints": [ { "ComparisonOperator": "EQ", "FieldToMatch": { "Type": "BODY" }, "Size": "4096", "TextTransformation": "NONE" } ] } }
YAML
MySizeConstraint: Type: "AWS::WAF::SizeConstraintSet" Properties: Name: "SizeConstraints" SizeConstraints: - ComparisonOperator: "EQ" FieldToMatch: Type: "BODY" Size: "4096" TextTransformation: "NONE"
Associate a SizeConstraintSet with a Web ACL Rule
The following example associates the MySizeConstraint object with a web ACL rule.
JSON
"SizeConstraintRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "SizeConstraintRule", "MetricName" : "SizeConstraintRule", "Predicates": [ { "DataId" : { "Ref" : "MySizeConstraint" }, "Negated" : false, "Type" : "SizeConstraint" } ] } }
YAML
SizeConstraintRule: Type: "AWS::WAF::Rule" Properties: Name: "SizeConstraintRule" MetricName: "SizeConstraintRule" Predicates: - DataId: Ref: "MySizeConstraint" Negated: false Type: "SizeConstraint"
Create a Web ACL
The following example associates the SizeConstraintRule rule with a web ACL. The web ACL blocks all requests except for requests with a body size equal to 4096 bytes.
JSON
"MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "Web ACL to allow requests with a specific size", "DefaultAction": { "Type": "BLOCK" }, "MetricName" : "SizeConstraintWebACL", "Rules": [ { "Action" : { "Type" : "ALLOW" }, "Priority" : 1, "RuleId" : { "Ref" : "SizeConstraintRule" } } ] } }
YAML
MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "Web ACL to allow requests with a specific size" DefaultAction: Type: "BLOCK" MetricName: "SizeConstraintWebACL" Rules: - Action: Type: "ALLOW" Priority: 1 RuleId: Ref: "SizeConstraintRule"
