public static interface CfnFirewallRuleGroup.FirewallRuleProperty
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.route53resolver.*;
FirewallRuleProperty firewallRuleProperty = FirewallRuleProperty.builder()
.action("action")
.firewallDomainListId("firewallDomainListId")
.priority(123)
// the properties below are optional
.blockOverrideDnsType("blockOverrideDnsType")
.blockOverrideDomain("blockOverrideDomain")
.blockOverrideTtl(123)
.blockResponse("blockResponse")
.build();
| Modifier and Type | Interface and Description |
|---|---|
static class |
CfnFirewallRuleGroup.FirewallRuleProperty.Builder
A builder for
CfnFirewallRuleGroup.FirewallRuleProperty |
static class |
CfnFirewallRuleGroup.FirewallRuleProperty.Jsii$Proxy
An implementation for
CfnFirewallRuleGroup.FirewallRuleProperty |
| Modifier and Type | Method and Description |
|---|---|
static CfnFirewallRuleGroup.FirewallRuleProperty.Builder |
builder() |
java.lang.String |
getAction()
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: - `ALLOW` - Permit the request to go through.
|
default java.lang.String |
getBlockOverrideDnsType()
The DNS record's type.
|
default java.lang.String |
getBlockOverrideDomain()
The custom DNS record to send back in response to the query.
|
default java.lang.Number |
getBlockOverrideTtl()
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record.
|
default java.lang.String |
getBlockResponse()
The way that you want DNS Firewall to block the request.
|
java.lang.String |
getFirewallDomainListId()
The ID of the domain list that's used in the rule.
|
java.lang.Number |
getPriority()
The priority of the rule in the rule group.
|
java.lang.String getAction()
ALERT - Permit the request to go through but send an alert to the logs.BLOCK - Disallow the request. If this is specified,then BlockResponse must also be specified.
if BlockResponse is OVERRIDE , then all of the following OVERRIDE attributes must be specified:
BlockOverrideDnsTypeBlockOverrideDomainBlockOverrideTtljava.lang.String getFirewallDomainListId()
java.lang.Number getPriority()
This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
default java.lang.String getBlockOverrideDnsType()
This determines the format of the record value that you provided in BlockOverrideDomain . Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE .
default java.lang.String getBlockOverrideDomain()
Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE .
default java.lang.Number getBlockOverrideTtl()
Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE .
default java.lang.String getBlockResponse()
NODATA - Respond indicating that the query was successful, but no response is available for it.NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.static CfnFirewallRuleGroup.FirewallRuleProperty.Builder builder()