@Generated(value="jsii-pacmak/1.60.0 (build ebcefe6)", date="2022-06-22T23:27:53.050Z") public class CfnRateBasedRule extends CfnResource implements IInspectable
This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAF V2 API and see the AWS WAF Developer Guide . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A RateBasedRule
is identical to a regular Rule
, with one addition: a RateBasedRule
counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule
that includes the following conditions:
BadBot
in the User-Agent
header.In the rule, you also define the rate limit as 15,000.
Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.
Note you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.waf.regional.*; CfnRateBasedRule cfnRateBasedRule = CfnRateBasedRule.Builder.create(this, "MyCfnRateBasedRule") .metricName("metricName") .name("name") .rateKey("rateKey") .rateLimit(123) // the properties below are optional .matchPredicates(List.of(PredicateProperty.builder() .dataId("dataId") .negated(false) .type("type") .build())) .build();
Modifier and Type | Class and Description |
---|---|
static class |
CfnRateBasedRule.Builder
A fluent builder for
CfnRateBasedRule . |
static interface |
CfnRateBasedRule.PredicateProperty
Specifies the `ByteMatchSet` , `IPSet` , `SqlInjectionMatchSet` , `XssMatchSet` , `RegexMatchSet` , `GeoMatchSet` , and `SizeConstraintSet` objects that you want to add to a `Rule` and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.
|
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
IConstruct.Jsii$Default
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
|
Modifier | Constructor and Description |
---|---|
|
CfnRateBasedRule(Construct scope,
java.lang.String id,
CfnRateBasedRuleProps props)
Create a new `AWS::WAFRegional::RateBasedRule`.
|
protected |
CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef) |
Modifier and Type | Method and Description |
---|---|
protected java.util.Map<java.lang.String,java.lang.Object> |
getCfnProperties() |
java.lang.Object |
getMatchPredicates()
The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
|
java.lang.String |
getMetricName()
A name for the metrics for a `RateBasedRule` .
|
java.lang.String |
getName()
A friendly name or description for a `RateBasedRule` .
|
java.lang.String |
getRateKey()
The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
|
java.lang.Number |
getRateLimit()
The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.
|
void |
inspect(TreeInspector inspector)
Examines the CloudFormation resource and discloses attributes.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
renderProperties(java.util.Map<java.lang.String,java.lang.Object> props) |
void |
setMatchPredicates(IResolvable value)
The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
|
void |
setMatchPredicates(java.util.List<java.lang.Object> value)
The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
|
void |
setMetricName(java.lang.String value)
A name for the metrics for a `RateBasedRule` .
|
void |
setName(java.lang.String value)
A friendly name or description for a `RateBasedRule` .
|
void |
setRateKey(java.lang.String value)
The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
|
void |
setRateLimit(java.lang.Number value)
The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.
|
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
getRef
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
public static final java.lang.String CFN_RESOURCE_TYPE_NAME
protected CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef)
protected CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public CfnRateBasedRule(Construct scope, java.lang.String id, CfnRateBasedRuleProps props)
scope
- - scope in which this resource is defined. This parameter is required.id
- - scoped id of the resource. This parameter is required.props
- - resource properties. This parameter is required.public void inspect(TreeInspector inspector)
inspect
in interface IInspectable
inspector
- - tree inspector to collect and process attributes. This parameter is required.protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
renderProperties
in class CfnResource
props
- This parameter is required.protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()
getCfnProperties
in class CfnResource
public java.lang.String getMetricName()
The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule
.
public void setMetricName(java.lang.String value)
The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule
.
public java.lang.String getName()
You can't change the name of a RateBasedRule
after you create it.
public void setName(java.lang.String value)
You can't change the name of a RateBasedRule
after you create it.
public java.lang.String getRateKey()
The only valid value for RateKey
is IP
. IP
indicates that requests arriving from the same IP address are subject to the RateLimit
that is specified in the RateBasedRule
.
public void setRateKey(java.lang.String value)
The only valid value for RateKey
is IP
. IP
indicates that requests arriving from the same IP address are subject to the RateLimit
that is specified in the RateBasedRule
.
public java.lang.Number getRateLimit()
If the number of requests exceeds the RateLimit
and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.
public void setRateLimit(java.lang.Number value)
If the number of requests exceeds the RateLimit
and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.
public java.lang.Object getMatchPredicates()
public void setMatchPredicates(IResolvable value)
public void setMatchPredicates(java.util.List<java.lang.Object> value)