Interface CfnWebACL.IAWSManagedRulesATPRuleSetProperty
Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet .
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface CfnWebACL.IAWSManagedRulesATPRuleSetPropertySyntax (vb)
Public Interface CfnWebACL.IAWSManagedRulesATPRuleSetPropertyRemarks
This configuration is used in ManagedRuleGroupConfig .
For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in AWS WAF and AWS Managed Rules rule groups list in the AWS WAF Developer Guide .
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var aWSManagedRulesATPRuleSetProperty = new AWSManagedRulesATPRuleSetProperty {
LoginPath = "loginPath",
// the properties below are optional
EnableRegexInPath = false,
RequestInspection = new RequestInspectionProperty {
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
},
ResponseInspection = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
}
};Synopsis
Properties
| EnableRegexInPath | Allow the use of regular expressions in the login page path. |
| LoginPath | The path of the login endpoint for your application. |
| RequestInspection | The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. |
| ResponseInspection | The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. |
Properties
EnableRegexInPath
Allow the use of regular expressions in the login page path.
object? EnableRegexInPath { get; }Property Value
Remarks
LoginPath
The path of the login endpoint for your application.
string LoginPath { get; }Property Value
Remarks
For example, for the URL https://example.com/web/login , you would provide the path /web/login . Login paths that start with the path that you provide are considered a match. For example /web/login matches the login paths /web/login , /web/login/ , /web/loginPage , and /web/login/thisPage , but doesn't match the login path /home/web/login or /website/login .
The rule group inspects only HTTP POST requests to your specified login endpoint.
RequestInspection
The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
object? RequestInspection { get; }Property Value
Remarks
ResponseInspection
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
object? ResponseInspection { get; }Property Value
Remarks
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
Type union: either IResolvable or CfnWebACL.IResponseInspectionProperty