Class CfnWebACL.ResponseInspectionProperty
The criteria for inspecting responses to login requests and account creation requests, used by the ATP and ACFP rule groups to track login and account creation success and failure rates.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnWebACL.ResponseInspectionProperty : CfnWebACL.IResponseInspectionPropertySyntax (vb)
Public Class CfnWebACL.ResponseInspectionProperty Implements CfnWebACL.IResponseInspectionPropertyRemarks
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
The rule groups evaluates the responses that your protected resources send back to client login and account creation attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses with too much suspicious activity in a short amount of time.
This is part of the AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet configurations in ManagedRuleGroupConfig .
Enable response inspection by configuring exactly one component of the response to inspect, for example, Header or StatusCode . You can't configure more than one component for inspection. If you don't configure any of the response inspection options, response inspection is disabled.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var responseInspectionProperty = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
};Synopsis
Constructors
| ResponseInspectionProperty() | The criteria for inspecting responses to login requests and account creation requests, used by the ATP and ACFP rule groups to track login and account creation success and failure rates. |
Properties
| BodyContains | Configures inspection of the response body for success and failure indicators. |
| Header | Configures inspection of the response header for success and failure indicators. |
| Json | Configures inspection of the response JSON for success and failure indicators. |
| StatusCode | Configures inspection of the response status code for success and failure indicators. |
Constructors
ResponseInspectionProperty()
The criteria for inspecting responses to login requests and account creation requests, used by the ATP and ACFP rule groups to track login and account creation success and failure rates.
public ResponseInspectionProperty()Remarks
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
The rule groups evaluates the responses that your protected resources send back to client login and account creation attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses with too much suspicious activity in a short amount of time.
This is part of the AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet configurations in ManagedRuleGroupConfig .
Enable response inspection by configuring exactly one component of the response to inspect, for example, Header or StatusCode . You can't configure more than one component for inspection. If you don't configure any of the response inspection options, response inspection is disabled.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var responseInspectionProperty = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
};Properties
BodyContains
Configures inspection of the response body for success and failure indicators.
public object? BodyContains { get; set; }Property Value
Remarks
AWS WAF can inspect the first 65,536 bytes (64 KB) of the response body.
Type union: either IResolvable or CfnWebACL.IResponseInspectionBodyContainsProperty
Header
Configures inspection of the response header for success and failure indicators.
public object? Header { get; set; }Property Value
Remarks
Json
Configures inspection of the response JSON for success and failure indicators.
public object? Json { get; set; }Property Value
Remarks
AWS WAF can inspect the first 65,536 bytes (64 KB) of the response JSON.
Type union: either IResolvable or CfnWebACL.IResponseInspectionJsonProperty
StatusCode
Configures inspection of the response status code for success and failure indicators.
public object? StatusCode { get; set; }