Class CfnRuleGroup.RulesSourceListProperty
Stateful inspection criteria for a domain list rule group.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class RulesSourceListProperty : Object, CfnRuleGroup.IRulesSourceListProperty
Syntax (vb)
Public Class RulesSourceListProperty
Inherits Object
Implements CfnRuleGroup.IRulesSourceListProperty
Remarks
For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.
By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET
rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleGroup.RuleVariables
in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;
var rulesSourceListProperty = new RulesSourceListProperty {
GeneratedRulesType = "generatedRulesType",
Targets = new [] { "targets" },
TargetTypes = new [] { "targetTypes" }
};
Synopsis
Constructors
RulesSourceListProperty() |
Properties
GeneratedRulesType | Whether you want to allow or deny access to the domains in your target list. |
Targets | The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:. |
TargetTypes | The types of targets to inspect for. |
Constructors
RulesSourceListProperty()
public RulesSourceListProperty()
Properties
GeneratedRulesType
Whether you want to allow or deny access to the domains in your target list.
public string GeneratedRulesType { get; set; }
Property Value
System.String
Remarks
Targets
The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:.
public string[] Targets { get; set; }
Property Value
System.String[]
Remarks
TargetTypes
The types of targets to inspect for.
public string[] TargetTypes { get; set; }
Property Value
System.String[]
Remarks
Valid values are TLS_SNI
and HTTP_HOST
.