AWS::WAFRegional::SizeConstraintSet
Note
Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A complex type that contains SizeConstraint
objects, which specify the parts of web requests that you
want AWS WAF to inspect the size of. If a SizeConstraintSet
contains more than one SizeConstraint
object, a request only needs to match one constraint to be considered a match.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::WAFRegional::SizeConstraintSet", "Properties" : { "Name" :
String
, "SizeConstraints" :[ SizeConstraint, ... ]
} }
YAML
Type: AWS::WAFRegional::SizeConstraintSet Properties: Name:
String
SizeConstraints:- SizeConstraint
Properties
Name
-
The name, if any, of the
SizeConstraintSet
.Required: Yes
Type: String
Pattern:
.*\S.*
Minimum:
1
Maximum:
128
Update requires: Replacement
SizeConstraints
-
The size constraint and the part of the web request to check.
Required: No
Type: Array of SizeConstraint
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
Examples
Define a Size Constraint
The following example checks that the body of an HTTP request equals 4096
bytes.
JSON
"MySizeConstraint": { "Type": "AWS::WAFRegional::SizeConstraintSet", "Properties": { "Name": "SizeConstraints", "SizeConstraints": [ { "ComparisonOperator": "EQ", "FieldToMatch": { "Type": "BODY" }, "Size": "4096", "TextTransformation": "NONE" } ] } }
YAML
MySizeConstraint: Type: "AWS::WAFRegional::SizeConstraintSet" Properties: Name: "SizeConstraints" SizeConstraints: - ComparisonOperator: "EQ" FieldToMatch: Type: "BODY" Size: "4096" TextTransformation: "NONE"
Associate a SizeConstraintSet with a Web ACL Rule
The following example associates the MySizeConstraint
object with a web ACL rule.
JSON
"SizeConstraintRule" : { "Type": "AWS::WAFRegional::Rule", "Properties": { "Name": "SizeConstraintRule", "MetricName" : "SizeConstraintRule", "Predicates": [ { "DataId" : { "Ref" : "MySizeConstraint" }, "Negated" : false, "Type" : "SizeConstraint" } ] } }
YAML
SizeConstraintRule: Type: "AWS::WAFRegional::Rule" Properties: Name: "SizeConstraintRule" MetricName: "SizeConstraintRule" Predicates: - DataId: Ref: "MySizeConstraint" Negated: false Type: "SizeConstraint"
Create a Web ACL
The following example associates the SizeConstraintRule
rule with a web ACL. The web ACL blocks all requests except for requests with a body size equal to 4096
bytes.
JSON
"MyWebACL": { "Type": "AWS::WAFRegional::WebACL", "Properties": { "Name": "Web ACL to allow requests with a specific size", "DefaultAction": { "Type": "BLOCK" }, "MetricName" : "SizeConstraintWebACL", "Rules": [ { "Action" : { "Type" : "ALLOW" }, "Priority" : 1, "RuleId" : { "Ref" : "SizeConstraintRule" } } ] } }
YAML
MyWebACL: Type: "AWS::WAFRegional::WebACL" Properties: Name: "Web ACL to allow requests with a specific size" DefaultAction: Type: "BLOCK" MetricName: "SizeConstraintWebACL" Rules: - Action: Type: "ALLOW" Priority: 1 RuleId: Ref: "SizeConstraintRule"