Interface CfnWebACL.IClientSideActionProperty
This is part of the AWSManagedRulesAntiDDoSRuleSet ClientSideActionConfig configuration in ManagedRuleGroupConfig .
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface CfnWebACL.IClientSideActionPropertySyntax (vb)
Public Interface CfnWebACL.IClientSideActionPropertyRemarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var clientSideActionProperty = new ClientSideActionProperty {
UsageOfAction = "usageOfAction",
// the properties below are optional
ExemptUriRegularExpressions = new [] { new RegexProperty {
RegexString = "regexString"
} },
Sensitivity = "sensitivity"
};Synopsis
Properties
| ExemptUriRegularExpressions | The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. |
| Sensitivity | The sensitivity that the rule group rule |
| UsageOfAction | Determines whether to use the |
Properties
ExemptUriRegularExpressions
The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge.
object? ExemptUriRegularExpressions { get; }Property Value
Remarks
When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request . If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.
The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.
AWS recommends using a regular expression.
This setting is required if UsageOfAction is set to ENABLED . If required, you can provide between 1 and 5 regex objects in the array of settings.
AWS recommends starting with the following setting. Review and update it for your application's needs:
/api/|.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$
Type union: either IResolvable or (either IResolvable or CfnWebACL.IRegexProperty)[]
Sensitivity
The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request.
string? Sensitivity { get; }Property Value
Remarks
The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.
The higher the sensitivity, the more levels of labeling that the rule matches:
Default: HIGH
UsageOfAction
Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request .
string UsageOfAction { get; }Property Value
Remarks
This setting only enables or disables the use of the two anti-DDOS rules <code>ChallengeAllDuringEvent</code> and <code>ChallengeDDoSRequests</code> in the anti-DDoS managed rule group.
This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests , enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.