public static interface CfnFirewallRuleGroup.FirewallRuleProperty
Example:
```java
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.route53resolver.*;

FirewallRuleProperty firewallRuleProperty = FirewallRuleProperty.builder()
        .action("action")
        .firewallDomainListId("firewallDomainListId")
        .priority(123)

        // the properties below are optional
        .blockOverrideDnsType("blockOverrideDnsType")
        .blockOverrideDomain("blockOverrideDomain")
        .blockOverrideTtl(123)
        .blockResponse("blockResponse")
        .build();
```
| Modifier and Type | Interface and Description |
|---|---|
| `static class` | `CfnFirewallRuleGroup.FirewallRuleProperty.Builder`<br>A builder for `CfnFirewallRuleGroup.FirewallRuleProperty` |
| `static class` | `CfnFirewallRuleGroup.FirewallRuleProperty.Jsii$Proxy`<br>An implementation for `CfnFirewallRuleGroup.FirewallRuleProperty` |
| Modifier and Type | Method and Description |
|---|---|
| `static CfnFirewallRuleGroup.FirewallRuleProperty.Builder` | `builder()` |
| `java.lang.String` | `getAction()`<br>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: `ALLOW` - Permit the request to go through. |
| `default java.lang.String` | `getBlockOverrideDnsType()`<br>The DNS record's type. |
| `default java.lang.String` | `getBlockOverrideDomain()`<br>The custom DNS record to send back in response to the query. |
| `default java.lang.Number` | `getBlockOverrideTtl()`<br>The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. |
| `default java.lang.String` | `getBlockResponse()`<br>The way that you want DNS Firewall to block the request. |
| `java.lang.String` | `getFirewallDomainListId()`<br>The ID of the domain list that's used in the rule. |
| `java.lang.Number` | `getPriority()`<br>The priority of the rule in the rule group. |
java.lang.String getAction()

- `ALERT` - Permit the request to go through but send an alert to the logs.
- `BLOCK` - Disallow the request. If this is specified, then `BlockResponse` must also be specified.

If `BlockResponse` is `OVERRIDE`, then all of the following `OVERRIDE` attributes must be specified:

- `BlockOverrideDnsType`
- `BlockOverrideDomain`
- `BlockOverrideTtl`

java.lang.String getFirewallDomainListId()
java.lang.Number getPriority()
This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
default java.lang.String getBlockOverrideDnsType()
This determines the format of the record value that you provided in `BlockOverrideDomain`. Used for the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
default java.lang.String getBlockOverrideDomain()
Used for the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
default java.lang.Number getBlockOverrideTtl()
Used for the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
default java.lang.String getBlockResponse()

- `NODATA` - Respond indicating that the query was successful, but no response is available for it.
- `NXDOMAIN` - Respond indicating that the domain name that's in the query doesn't exist.
- `OVERRIDE` - Provide a custom override in the response. This option requires custom handling details in the rule's `BlockOverride*` settings.

static CfnFirewallRuleGroup.FirewallRuleProperty.Builder builder()
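
The constraints documented for `getAction()`, `getBlockResponse()` and `getPriority()` can be checked before synthesis. The following is an added example, not part of the CDK reference or the library itself: the `FirewallRuleChecks` class, the domain list IDs, and the sinkhole host name are constructed placeholders, and `CNAME` is an assumed record type for the override.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import software.amazon.awscdk.services.route53resolver.CfnFirewallRuleGroup.FirewallRuleProperty;

public class FirewallRuleChecks {
    // Enforces the constraints this page documents for FirewallRuleProperty.
    static void validate(List<FirewallRuleProperty> rules) {
        Set<Integer> priorities = new HashSet<>();
        for (FirewallRuleProperty r : rules) {
            // Priority must be unique within the rule group.
            if (!priorities.add(r.getPriority().intValue())) {
                throw new IllegalArgumentException("duplicate priority " + r.getPriority());
            }
            if (!"BLOCK".equals(r.getAction())) continue;
            // BLOCK requires a BlockResponse.
            if (r.getBlockResponse() == null) {
                throw new IllegalArgumentException("BLOCK rule needs blockResponse");
            }
            // OVERRIDE requires all three BlockOverride* attributes.
            if ("OVERRIDE".equals(r.getBlockResponse())
                    && (r.getBlockOverrideDnsType() == null
                        || r.getBlockOverrideDomain() == null
                        || r.getBlockOverrideTtl() == null)) {
                throw new IllegalArgumentException("OVERRIDE needs all blockOverride* values");
            }
        }
    }

    public static void main(String[] args) {
        // Placeholder IDs and host name, constructed for this example.
        FirewallRuleProperty alert = FirewallRuleProperty.builder()
                .action("ALERT")
                .firewallDomainListId("rslvr-fdl-EXAMPLE-WATCH")
                .priority(100) // lowest priority value is processed first
                .build();
        FirewallRuleProperty sinkhole = FirewallRuleProperty.builder()
                .action("BLOCK")
                .firewallDomainListId("rslvr-fdl-EXAMPLE-DENY")
                .priority(200)
                .blockResponse("OVERRIDE")
                .blockOverrideDnsType("CNAME") // assumed record type
                .blockOverrideDomain("sinkhole.example.internal")
                .blockOverrideTtl(60)
                .build();
        validate(List.of(alert, sinkhole));
        System.out.println("rules OK");
    }
}
```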