Interface CfnWebACL.IManagedRuleGroupStatementProperty

A rule statement used to run the rules that are defined in a managed rule group.

Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IManagedRuleGroupStatementProperty
Syntax (vb)
Public Interface IManagedRuleGroupStatementProperty
Remarks

To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names through the API call ListAvailableManagedRuleGroups .

You cannot nest a ManagedRuleGroupStatement , for example for use inside a NotStatement or OrStatement . You cannot use a managed rule group statement inside another rule group. You can only use a managed rule group statement as a top-level statement in a rule that you define in a web ACL.

You are charged additional fees when you use the AWS WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet , the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet , or the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet . For more information, see AWS WAF Pricing .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html

ExampleMetadata: fixture=_generated

Synopsis

Properties

ExcludedRules

Rules in the referenced rule group whose actions are set to Count .
ManagedRuleGroupConfigs

Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Name

The name of the managed rule group.
RuleActionOverrides

Action settings to use in the place of the rule actions that are configured inside the rule group.
ScopeDownStatement

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.
VendorName

The name of the managed rule group vendor.
Version

The version of the managed rule group to use.

Properties

ExcludedRules

Rules in the referenced rule group whose actions are set to Count .

virtual object ExcludedRules { get; }
Property Value

System.Object

Remarks

Instead of this option, use RuleActionOverrides . It accepts any valid action setting, including Count .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-excludedrules

ManagedRuleGroupConfigs

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

virtual object ManagedRuleGroupConfigs { get; }
Property Value

System.Object

Remarks

The rule groups used for intelligent threat mitigation require additional configuration:

    See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-managedrulegroupconfigs

    Name

    The name of the managed rule group.

    string Name { get; }
    Property Value

    System.String

    Remarks

    You use this, along with the vendor name, to identify the rule group.

    See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-name

    RuleActionOverrides

    Action settings to use in the place of the rule actions that are configured inside the rule group.

    virtual object RuleActionOverrides { get; }
    Property Value

    System.Object

    Remarks

    You specify one override for each rule whose action you want to change.

    Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-ruleactionoverrides

    ScopeDownStatement

    An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.

    virtual object ScopeDownStatement { get; }
    Property Value

    System.Object

    Remarks

    Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.

    See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-scopedownstatement

    VendorName

    The name of the managed rule group vendor.

    string VendorName { get; }
    Property Value

    System.String

    Remarks

    You use this, along with the rule group name, to identify a rule group.

    See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-vendorname

    Version

    The version of the managed rule group to use.

    virtual string Version { get; }
    Property Value

    System.String

    Remarks

    If you specify this, the version setting is fixed until you change it. If you don't specify this, AWS WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.

    See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-version