Interface CfnRuleGroup.IFieldToMatchProperty
Specifies a web request component to be used in a rule match statement or in a logging configuration.
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface CfnRuleGroup.IFieldToMatchPropertySyntax (vb)
Public Interface CfnRuleGroup.IFieldToMatchPropertyRemarks
Example JSON for a QueryString field to match:
"FieldToMatch": { "QueryString": {} }
Example JSON for a Method field to match specification:
"FieldToMatch": { "Method": { "Name": "DELETE" } }
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var all;
var allQueryArguments;
var method;
var queryString;
var singleHeader;
var singleQueryArgument;
var uriPath;
var fieldToMatchProperty = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
HeaderOrder = new HeaderOrderProperty {
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Ja3Fingerprint = new JA3FingerprintProperty {
FallbackBehavior = "fallbackBehavior"
},
Ja4Fingerprint = new JA4FingerprintProperty {
FallbackBehavior = "fallbackBehavior"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriFragment = new UriFragmentProperty {
FallbackBehavior = "fallbackBehavior"
},
UriPath = uriPath
};Synopsis
Properties
| AllQueryArguments | Inspect all query arguments. |
| Body | Inspect the request body as plain text. |
| Cookies | Inspect the request cookies. |
| HeaderOrder | The string containing the list of a web request's header names, ordered as they appear in the web request, separated by colons. |
| Headers | Inspect the request headers. |
| Ja3Fingerprint | Available for use with Amazon CloudFront distributions and Application Load Balancers. |
| Ja4Fingerprint | Available for use with Amazon CloudFront distributions and Application Load Balancers. |
| JsonBody | Inspect the request body as JSON. |
| Method | Inspect the HTTP method. |
| QueryString | Inspect the query string. |
| SingleHeader | Inspect a single header. |
| SingleQueryArgument | Inspect a single query argument. |
| UriFragment | Inspect fragments of the request URI. |
| UriPath | Inspect the request URI path. |
Properties
AllQueryArguments
Inspect all query arguments.
object? AllQueryArguments { get; }Property Value
Remarks
Body
Inspect the request body as plain text.
object? Body { get; }Property Value
Remarks
The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
For information about how to handle oversized request bodies, see the Body object configuration.
Type union: either IResolvable or CfnRuleGroup.IBodyProperty
Cookies
Inspect the request cookies.
object? Cookies { get; }Property Value
Remarks
You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that AWS WAF inspects.
Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
Type union: either IResolvable or CfnRuleGroup.ICookiesProperty
HeaderOrder
The string containing the list of a web request's header names, ordered as they appear in the web request, separated by colons.
object? HeaderOrder { get; }Property Value
Remarks
Headers
Inspect the request headers.
object? Headers { get; }Property Value
Remarks
You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that AWS WAF inspects.
Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
Type union: either IResolvable or CfnRuleGroup.IHeadersProperty
Ja3Fingerprint
Available for use with Amazon CloudFront distributions and Application Load Balancers.
object? Ja3Fingerprint { get; }Property Value
Remarks
Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match <code>ByteMatchStatement</code> with the <code>PositionalConstraint</code> set to <code>EXACTLY</code> .
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
Type union: either IResolvable or CfnRuleGroup.IJA3FingerprintProperty
Ja4Fingerprint
Available for use with Amazon CloudFront distributions and Application Load Balancers.
object? Ja4Fingerprint { get; }Property Value
Remarks
Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match <code>ByteMatchStatement</code> with the <code>PositionalConstraint</code> set to <code>EXACTLY</code> .
You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .
Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
Type union: either IResolvable or CfnRuleGroup.IJA4FingerprintProperty
JsonBody
Inspect the request body as JSON.
object? JsonBody { get; }Property Value
Remarks
The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
For information about how to handle oversized request bodies, see the JsonBody object configuration.
Type union: either IResolvable or CfnRuleGroup.IJsonBodyProperty
Method
Inspect the HTTP method.
object? Method { get; }Property Value
Remarks
The method indicates the type of operation that the request is asking the origin to perform.
QueryString
Inspect the query string.
object? QueryString { get; }Property Value
Remarks
This is the part of a URL that appears after a ? character, if any.
SingleHeader
Inspect a single header.
object? SingleHeader { get; }Property Value
Remarks
Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn't case sensitive.
Example JSON: "SingleHeader": { "Name": "haystack" }
Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.
SingleQueryArgument
Inspect a single query argument.
object? SingleQueryArgument { get; }Property Value
Remarks
Provide the name of the query argument to inspect, such as UserName or SalesRegion . The name can be up to 30 characters long and isn't case sensitive.
Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
UriFragment
Inspect fragments of the request URI.
object? UriFragment { get; }Property Value
Remarks
You must configure scope and pattern matching filters in the UriFragment object, to define the fragment of a URI that AWS WAF inspects.
Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the UriFragment object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
Type union: either IResolvable or CfnRuleGroup.IUriFragmentProperty
UriPath
Inspect the request URI path.
object? UriPath { get; }Property Value
Remarks
This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .