Package software.amazon.awscdk.services.wafv2
@Stability(Experimental)
package software.amazon.awscdk.services.wafv2
AWS::WAFv2 Construct Library
---
All classes with the
Cfnprefix in this module (CFN Resources) are always stable and safe to use.
This module is part of the AWS Cloud Development Kit project.
import software.amazon.awscdk.services.wafv2.*;
There are no official hand-written (L2) constructs for this service yet. Here are some suggestions on how to proceed:
- Search Construct Hub for WAFv2 construct libraries
- Use the automatically generated L1 constructs, in the same way you would use the CloudFormation AWS::WAFv2 resources directly.
There are no hand-written (L2) constructs for this service yet. However, you can still use the automatically generated L1 constructs, and use this service exactly as you would using CloudFormation directly.
For more information on the resources and properties available for this service, see the CloudFormation documentation for AWS::WAFv2.
(Read the CDK Contributing Guide and submit an RFC if you are interested in contributing to this construct library.)
-
ClassDescriptionA CloudFormation `AWS::WAFv2::IPSet`.A fluent builder for
CfnIPSet.Properties for defining a `CfnIPSet`.A builder forCfnIPSetPropsAn implementation forCfnIPSetPropsA CloudFormation `AWS::WAFv2::LoggingConfiguration`.A single action condition for a condition in a logging filter.A builder forCfnLoggingConfiguration.ActionConditionPropertyAn implementation forCfnLoggingConfiguration.ActionConditionPropertyA fluent builder forCfnLoggingConfiguration.A single match condition for a log filter.A builder forCfnLoggingConfiguration.ConditionPropertyAn implementation forCfnLoggingConfiguration.ConditionPropertyThe parts of the request that you want to keep out of the logs.A builder forCfnLoggingConfiguration.FieldToMatchPropertyAn implementation forCfnLoggingConfiguration.FieldToMatchPropertyA single logging filter, used in `LoggingFilter` .A builder forCfnLoggingConfiguration.FilterPropertyAn implementation forCfnLoggingConfiguration.FilterPropertyInspect the body of the web request as JSON.A builder forCfnLoggingConfiguration.JsonBodyPropertyAn implementation forCfnLoggingConfiguration.JsonBodyPropertyA single label name condition for a condition in a logging filter.A builder forCfnLoggingConfiguration.LabelNameConditionPropertyAn implementation forCfnLoggingConfiguration.LabelNameConditionPropertyFiltering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's `LoggingConfiguration` .A builder forCfnLoggingConfiguration.LoggingFilterPropertyAn implementation forCfnLoggingConfiguration.LoggingFilterPropertyThe patterns to look for in the JSON body.A builder forCfnLoggingConfiguration.MatchPatternPropertyAn implementation forCfnLoggingConfiguration.MatchPatternPropertyInspect one of the headers in the web request, identified by name, for example, `User-Agent` or `Referer` .A builder forCfnLoggingConfiguration.SingleHeaderPropertyAn implementation forCfnLoggingConfiguration.SingleHeaderPropertyProperties for defining a `CfnLoggingConfiguration`.A builder forCfnLoggingConfigurationPropsAn implementation forCfnLoggingConfigurationPropsA CloudFormation `AWS::WAFv2::RegexPatternSet`.A fluent builder forCfnRegexPatternSet.Properties for defining a `CfnRegexPatternSet`.A builder forCfnRegexPatternSetPropsAn implementation forCfnRegexPatternSetPropsA CloudFormation `AWS::WAFv2::RuleGroup`.Example:A builder forCfnRuleGroup.AllowPropertyAn implementation forCfnRuleGroup.AllowPropertyA logical rule statement used to combine other rule statements with AND logic.A builder forCfnRuleGroup.AndStatementPropertyAn implementation forCfnRuleGroup.AndStatementPropertyExample:A builder forCfnRuleGroup.BlockPropertyAn implementation forCfnRuleGroup.BlockPropertyInspect the body of the web request.A builder forCfnRuleGroup.BodyPropertyAn implementation forCfnRuleGroup.BodyPropertyA fluent builder forCfnRuleGroup.A rule statement that defines a string match search for AWS WAF to apply to web requests.A builder forCfnRuleGroup.ByteMatchStatementPropertyAn implementation forCfnRuleGroup.ByteMatchStatementPropertySpecifies how AWS WAF should handle `CAPTCHA` evaluations.A builder forCfnRuleGroup.CaptchaConfigPropertyAn implementation forCfnRuleGroup.CaptchaConfigPropertyExample:A builder forCfnRuleGroup.CaptchaPropertyAn implementation forCfnRuleGroup.CaptchaPropertySpecifies how AWS WAF should handle `Challenge` evaluations.A builder forCfnRuleGroup.ChallengeConfigPropertyAn implementation forCfnRuleGroup.ChallengeConfigPropertyExample:A builder forCfnRuleGroup.ChallengePropertyAn implementation forCfnRuleGroup.ChallengePropertyThe filter to use to identify the subset of cookies to inspect in a web request.A builder forCfnRuleGroup.CookieMatchPatternPropertyAn implementation forCfnRuleGroup.CookieMatchPatternPropertyInspect the cookies in the web request.A builder forCfnRuleGroup.CookiesPropertyAn implementation forCfnRuleGroup.CookiesPropertyExample:A builder forCfnRuleGroup.CountPropertyAn implementation forCfnRuleGroup.CountPropertyA custom header for custom request and response handling.A builder forCfnRuleGroup.CustomHTTPHeaderPropertyAn implementation forCfnRuleGroup.CustomHTTPHeaderPropertyCustom request handling behavior that inserts custom headers into a web request.A builder forCfnRuleGroup.CustomRequestHandlingPropertyAn implementation forCfnRuleGroup.CustomRequestHandlingPropertyThe response body to use in a custom response to a web request.A builder forCfnRuleGroup.CustomResponseBodyPropertyAn implementation forCfnRuleGroup.CustomResponseBodyPropertyA custom response to send to the client.A builder forCfnRuleGroup.CustomResponsePropertyAn implementation forCfnRuleGroup.CustomResponsePropertyThe part of the web request that you want AWS WAF to inspect.A builder forCfnRuleGroup.FieldToMatchPropertyAn implementation forCfnRuleGroup.FieldToMatchPropertyThe configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.A builder forCfnRuleGroup.ForwardedIPConfigurationPropertyAn implementation forCfnRuleGroup.ForwardedIPConfigurationPropertyA rule statement that labels web requests by country and region and that matches against web requests based on country code.A builder forCfnRuleGroup.GeoMatchStatementPropertyAn implementation forCfnRuleGroup.GeoMatchStatementPropertyThe filter to use to identify the subset of headers to inspect in a web request.A builder forCfnRuleGroup.HeaderMatchPatternPropertyAn implementation forCfnRuleGroup.HeaderMatchPatternPropertyInspect all headers in the web request.A builder forCfnRuleGroup.HeadersPropertyAn implementation forCfnRuleGroup.HeadersPropertyUsed for CAPTCHA and challenge token settings.A builder forCfnRuleGroup.ImmunityTimePropertyPropertyAn implementation forCfnRuleGroup.ImmunityTimePropertyPropertyThe configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.A builder forCfnRuleGroup.IPSetForwardedIPConfigurationPropertyAn implementation forCfnRuleGroup.IPSetForwardedIPConfigurationPropertyA rule statement used to detect web requests coming from particular IP addresses or address ranges.A builder forCfnRuleGroup.IPSetReferenceStatementPropertyAn implementation forCfnRuleGroup.IPSetReferenceStatementPropertyInspect the body of the web request as JSON.A builder forCfnRuleGroup.JsonBodyPropertyAn implementation forCfnRuleGroup.JsonBodyPropertyThe patterns to look for in the JSON body.A builder forCfnRuleGroup.JsonMatchPatternPropertyAn implementation forCfnRuleGroup.JsonMatchPatternPropertyA rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.A builder forCfnRuleGroup.LabelMatchStatementPropertyAn implementation forCfnRuleGroup.LabelMatchStatementPropertyA single label container.A builder forCfnRuleGroup.LabelPropertyAn implementation forCfnRuleGroup.LabelPropertyList of labels used by one or more of the rules of a `RuleGroup` .A builder forCfnRuleGroup.LabelSummaryPropertyAn implementation forCfnRuleGroup.LabelSummaryPropertyA logical rule statement used to negate the results of another rule statement.A builder forCfnRuleGroup.NotStatementPropertyAn implementation forCfnRuleGroup.NotStatementPropertyA logical rule statement used to combine other rule statements with OR logic.A builder forCfnRuleGroup.OrStatementPropertyAn implementation forCfnRuleGroup.OrStatementPropertyA rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span.A builder forCfnRuleGroup.RateBasedStatementPropertyAn implementation forCfnRuleGroup.RateBasedStatementPropertyA rule statement used to search web request components for a match against a single regular expression.A builder forCfnRuleGroup.RegexMatchStatementPropertyAn implementation forCfnRuleGroup.RegexMatchStatementPropertyA rule statement used to search web request components for matches with regular expressions.A builder forCfnRuleGroup.RegexPatternSetReferenceStatementPropertyAn implementation forCfnRuleGroup.RegexPatternSetReferenceStatementPropertyThe action that AWS WAF should take on a web request when it matches a rule's statement.A builder forCfnRuleGroup.RuleActionPropertyAn implementation forCfnRuleGroup.RuleActionPropertyA single rule, which you can use in a `WebACL` or `RuleGroup` to identify web requests that you want to allow, block, or count.A builder forCfnRuleGroup.RulePropertyAn implementation forCfnRuleGroup.RulePropertyInspect one of the headers in the web request, identified by name, for example, `User-Agent` or `Referer` .A builder forCfnRuleGroup.SingleHeaderPropertyAn implementation forCfnRuleGroup.SingleHeaderPropertyInspect one query argument in the web request, identified by name, for example *UserName* or *SalesRegion* .A builder forCfnRuleGroup.SingleQueryArgumentPropertyAn implementation forCfnRuleGroup.SingleQueryArgumentPropertyA rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (invalid input: '<').A builder forCfnRuleGroup.SizeConstraintStatementPropertyAn implementation forCfnRuleGroup.SizeConstraintStatementPropertyA rule statement that inspects for malicious SQL code.A builder forCfnRuleGroup.SqliMatchStatementPropertyAn implementation forCfnRuleGroup.SqliMatchStatementPropertyThe processing guidance for a rule, used by AWS WAF to determine whether a web request matches the rule.A builder forCfnRuleGroup.StatementPropertyAn implementation forCfnRuleGroup.StatementPropertyText transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.A builder forCfnRuleGroup.TextTransformationPropertyAn implementation forCfnRuleGroup.TextTransformationPropertyDefines and enables Amazon CloudWatch metrics and web request sample collection.A builder forCfnRuleGroup.VisibilityConfigPropertyAn implementation forCfnRuleGroup.VisibilityConfigPropertyA rule statement that inspects for cross-site scripting (XSS) attacks.A builder forCfnRuleGroup.XssMatchStatementPropertyAn implementation forCfnRuleGroup.XssMatchStatementPropertyProperties for defining a `CfnRuleGroup`.A builder forCfnRuleGroupPropsAn implementation forCfnRuleGroupPropsA CloudFormation `AWS::WAFv2::WebACL`.Specifies that AWS WAF should allow the request and optionally defines additional custom handling for the request.A builder forCfnWebACL.AllowActionPropertyAn implementation forCfnWebACL.AllowActionPropertyA logical rule statement used to combine other rule statements with AND logic.A builder forCfnWebACL.AndStatementPropertyAn implementation forCfnWebACL.AndStatementPropertyDetails for your use of the account takeover prevention managed rule group, `AWSManagedRulesATPRuleSet` .A builder forCfnWebACL.AWSManagedRulesATPRuleSetPropertyAn implementation forCfnWebACL.AWSManagedRulesATPRuleSetPropertyDetails for your use of the Bot Control managed rule group, used in `ManagedRuleGroupConfig` .A builder forCfnWebACL.AWSManagedRulesBotControlRuleSetPropertyAn implementation forCfnWebACL.AWSManagedRulesBotControlRuleSetPropertySpecifies that AWS WAF should block the request and optionally defines additional custom handling for the response to the web request.A builder forCfnWebACL.BlockActionPropertyAn implementation forCfnWebACL.BlockActionPropertyInspect the body of the web request.A builder forCfnWebACL.BodyPropertyAn implementation forCfnWebACL.BodyPropertyA fluent builder forCfnWebACL.A rule statement that defines a string match search for AWS WAF to apply to web requests.A builder forCfnWebACL.ByteMatchStatementPropertyAn implementation forCfnWebACL.ByteMatchStatementPropertySpecifies that AWS WAF should run a `CAPTCHA` check against the request:.A builder forCfnWebACL.CaptchaActionPropertyAn implementation forCfnWebACL.CaptchaActionPropertySpecifies how AWS WAF should handle `CAPTCHA` evaluations for rules that don't have their own `CaptchaConfig` settings.A builder forCfnWebACL.CaptchaConfigPropertyAn implementation forCfnWebACL.CaptchaConfigPropertySpecifies that AWS WAF should run a `Challenge` check against the request to verify that the request is coming from a legitimate client session: - If the request includes a valid, unexpired challenge token, AWS WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a `CountAction` .A builder forCfnWebACL.ChallengeActionPropertyAn implementation forCfnWebACL.ChallengeActionPropertySpecifies how AWS WAF should handle `Challenge` evaluations.A builder forCfnWebACL.ChallengeConfigPropertyAn implementation forCfnWebACL.ChallengeConfigPropertyThe filter to use to identify the subset of cookies to inspect in a web request.A builder forCfnWebACL.CookieMatchPatternPropertyAn implementation forCfnWebACL.CookieMatchPatternPropertyInspect the cookies in the web request.A builder forCfnWebACL.CookiesPropertyAn implementation forCfnWebACL.CookiesPropertySpecifies that AWS WAF should count the request.A builder forCfnWebACL.CountActionPropertyAn implementation forCfnWebACL.CountActionPropertyA custom header for custom request and response handling.A builder forCfnWebACL.CustomHTTPHeaderPropertyAn implementation forCfnWebACL.CustomHTTPHeaderPropertyCustom request handling behavior that inserts custom headers into a web request.A builder forCfnWebACL.CustomRequestHandlingPropertyAn implementation forCfnWebACL.CustomRequestHandlingPropertyThe response body to use in a custom response to a web request.A builder forCfnWebACL.CustomResponseBodyPropertyAn implementation forCfnWebACL.CustomResponseBodyPropertyA custom response to send to the client.A builder forCfnWebACL.CustomResponsePropertyAn implementation forCfnWebACL.CustomResponsePropertyIn a `WebACL` , this is the action that you want AWS WAF to perform when a web request doesn't match any of the rules in the `WebACL` .A builder forCfnWebACL.DefaultActionPropertyAn implementation forCfnWebACL.DefaultActionPropertySpecifies a single rule in a rule group whose action you want to override to `Count` .A builder forCfnWebACL.ExcludedRulePropertyAn implementation forCfnWebACL.ExcludedRulePropertyThe identifier of the username or password field, used in the `ManagedRuleGroupConfig` settings.A builder forCfnWebACL.FieldIdentifierPropertyAn implementation forCfnWebACL.FieldIdentifierPropertyThe part of the web request that you want AWS WAF to inspect.A builder forCfnWebACL.FieldToMatchPropertyAn implementation forCfnWebACL.FieldToMatchPropertyThe configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.A builder forCfnWebACL.ForwardedIPConfigurationPropertyAn implementation forCfnWebACL.ForwardedIPConfigurationPropertyA rule statement that labels web requests by country and region and that matches against web requests based on country code.A builder forCfnWebACL.GeoMatchStatementPropertyAn implementation forCfnWebACL.GeoMatchStatementPropertyThe filter to use to identify the subset of headers to inspect in a web request.A builder forCfnWebACL.HeaderMatchPatternPropertyAn implementation forCfnWebACL.HeaderMatchPatternPropertyInspect all headers in the web request.A builder forCfnWebACL.HeadersPropertyAn implementation forCfnWebACL.HeadersPropertyUsed for CAPTCHA and challenge token settings.A builder forCfnWebACL.ImmunityTimePropertyPropertyAn implementation forCfnWebACL.ImmunityTimePropertyPropertyThe configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.A builder forCfnWebACL.IPSetForwardedIPConfigurationPropertyAn implementation forCfnWebACL.IPSetForwardedIPConfigurationPropertyA rule statement used to detect web requests coming from particular IP addresses or address ranges.A builder forCfnWebACL.IPSetReferenceStatementPropertyAn implementation forCfnWebACL.IPSetReferenceStatementPropertyInspect the body of the web request as JSON.A builder forCfnWebACL.JsonBodyPropertyAn implementation forCfnWebACL.JsonBodyPropertyThe patterns to look for in the JSON body.A builder forCfnWebACL.JsonMatchPatternPropertyAn implementation forCfnWebACL.JsonMatchPatternPropertyA rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.A builder forCfnWebACL.LabelMatchStatementPropertyAn implementation forCfnWebACL.LabelMatchStatementPropertyA single label container.A builder forCfnWebACL.LabelPropertyAn implementation forCfnWebACL.LabelPropertyAdditional information that's used by a managed rule group.A builder forCfnWebACL.ManagedRuleGroupConfigPropertyAn implementation forCfnWebACL.ManagedRuleGroupConfigPropertyA rule statement used to run the rules that are defined in a managed rule group.A builder forCfnWebACL.ManagedRuleGroupStatementPropertyAn implementation forCfnWebACL.ManagedRuleGroupStatementPropertyA logical rule statement used to negate the results of another rule statement.A builder forCfnWebACL.NotStatementPropertyAn implementation forCfnWebACL.NotStatementPropertyA logical rule statement used to combine other rule statements with OR logic.A builder forCfnWebACL.OrStatementPropertyAn implementation forCfnWebACL.OrStatementPropertyThe action to use in the place of the action that results from the rule group evaluation.A builder forCfnWebACL.OverrideActionPropertyAn implementation forCfnWebACL.OverrideActionPropertyA rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span.A builder forCfnWebACL.RateBasedStatementPropertyAn implementation forCfnWebACL.RateBasedStatementPropertyA rule statement used to search web request components for a match against a single regular expression.A builder forCfnWebACL.RegexMatchStatementPropertyAn implementation forCfnWebACL.RegexMatchStatementPropertyA rule statement used to search web request components for matches with regular expressions.A builder forCfnWebACL.RegexPatternSetReferenceStatementPropertyAn implementation forCfnWebACL.RegexPatternSetReferenceStatementPropertyThe criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.A builder forCfnWebACL.RequestInspectionPropertyAn implementation forCfnWebACL.RequestInspectionPropertyConfigures inspection of the response body.A builder forCfnWebACL.ResponseInspectionBodyContainsPropertyAn implementation forCfnWebACL.ResponseInspectionBodyContainsPropertyConfigures inspection of the response header.A builder forCfnWebACL.ResponseInspectionHeaderPropertyAn implementation forCfnWebACL.ResponseInspectionHeaderPropertyConfigures inspection of the response JSON.A builder forCfnWebACL.ResponseInspectionJsonPropertyAn implementation forCfnWebACL.ResponseInspectionJsonPropertyThe criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.A builder forCfnWebACL.ResponseInspectionPropertyAn implementation forCfnWebACL.ResponseInspectionPropertyConfigures inspection of the response status code.A builder forCfnWebACL.ResponseInspectionStatusCodePropertyAn implementation forCfnWebACL.ResponseInspectionStatusCodePropertyAction setting to use in the place of a rule action that is configured inside the rule group.A builder forCfnWebACL.RuleActionOverridePropertyAn implementation forCfnWebACL.RuleActionOverridePropertyThe action that AWS WAF should take on a web request when it matches a rule's statement.A builder forCfnWebACL.RuleActionPropertyAn implementation forCfnWebACL.RuleActionPropertyA rule statement used to run the rules that are defined in a `RuleGroup` .A builder forCfnWebACL.RuleGroupReferenceStatementPropertyAn implementation forCfnWebACL.RuleGroupReferenceStatementPropertyA single rule, which you can use in a `WebACL` or `RuleGroup` to identify web requests that you want to allow, block, or count.A builder forCfnWebACL.RulePropertyAn implementation forCfnWebACL.RulePropertyInspect one of the headers in the web request, identified by name, for example, `User-Agent` or `Referer` .A builder forCfnWebACL.SingleHeaderPropertyAn implementation forCfnWebACL.SingleHeaderPropertyInspect one query argument in the web request, identified by name, for example *UserName* or *SalesRegion* .A builder forCfnWebACL.SingleQueryArgumentPropertyAn implementation forCfnWebACL.SingleQueryArgumentPropertyA rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (invalid input: '<').A builder forCfnWebACL.SizeConstraintStatementPropertyAn implementation forCfnWebACL.SizeConstraintStatementPropertyA rule statement that inspects for malicious SQL code.A builder forCfnWebACL.SqliMatchStatementPropertyAn implementation forCfnWebACL.SqliMatchStatementPropertyThe processing guidance for a rule, used by AWS WAF to determine whether a web request matches the rule.A builder forCfnWebACL.StatementPropertyAn implementation forCfnWebACL.StatementPropertyText transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.A builder forCfnWebACL.TextTransformationPropertyAn implementation forCfnWebACL.TextTransformationPropertyDefines and enables Amazon CloudWatch metrics and web request sample collection.A builder forCfnWebACL.VisibilityConfigPropertyAn implementation forCfnWebACL.VisibilityConfigPropertyA rule statement that inspects for cross-site scripting (XSS) attacks.A builder forCfnWebACL.XssMatchStatementPropertyAn implementation forCfnWebACL.XssMatchStatementPropertyA CloudFormation `AWS::WAFv2::WebACLAssociation`.A fluent builder forCfnWebACLAssociation.Properties for defining a `CfnWebACLAssociation`.A builder forCfnWebACLAssociationPropsAn implementation forCfnWebACLAssociationPropsProperties for defining a `CfnWebACL`.A builder forCfnWebACLPropsAn implementation forCfnWebACLProps