Class CfnWebACL.RuleProperty
A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to manage in some way.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class RuleProperty : Object, CfnWebACL.IRulePropertySyntax (vb)
Public Class RuleProperty
Inherits Object
Implements CfnWebACL.IRulePropertyRemarks
Each rule includes one top-level Statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html
ExampleMetadata: fixture=_generated
Synopsis
Constructors
| Rule |
Properties
| Action | The action that AWS WAF should take on a web request when it matches the rule's statement. |
| Captcha |
Specifies how AWS WAF should handle |
| Challenge |
Specifies how AWS WAF should handle |
| Name | The name of the rule. |
| Override |
The override action to apply to the rules in a rule group, instead of the individual rule action settings. |
| Priority | If you define more than one |
| Rule |
Labels to apply to web requests that match the rule match statement. |
| Statement | The AWS WAF processing statement for the rule, for example |
| Visibility |
Defines and enables Amazon CloudWatch metrics and web request sample collection. |
Constructors
RuleProperty()
public RuleProperty()Properties
Action
The action that AWS WAF should take on a web request when it matches the rule's statement.
public object Action { get; set; }Property Value
System.
Remarks
Settings at the web ACL level can override the rule action setting.
This is used only for rules whose statements don't reference a rule group. Rule statements that reference a rule group are RuleGroupReferenceStatement and ManagedRuleGroupStatement .
You must set either this Action setting or the rule's OverrideAction , but not both:
CaptchaConfig
Specifies how AWS WAF should handle CAPTCHA evaluations.
public object CaptchaConfig { get; set; }Property Value
System.
Remarks
If you don't specify this, AWS WAF uses the CAPTCHA configuration that's defined for the web ACL.
ChallengeConfig
Specifies how AWS WAF should handle Challenge evaluations.
public object ChallengeConfig { get; set; }Property Value
System.
Remarks
If you don't specify this, AWS WAF uses the challenge configuration that's defined for the web ACL.
Name
The name of the rule.
public string Name { get; set; }Property Value
System.
Remarks
If you change the name of a Rule after you create it and you want the rule's metric name to reflect the change, update the metric name in the rule's VisibilityConfig settings. AWS WAF doesn't automatically update the metric name when you update the rule name.
OverrideAction
The override action to apply to the rules in a rule group, instead of the individual rule action settings.
public object OverrideAction { get; set; }Property Value
System.
Remarks
This is used only for rules whose statements reference a rule group. Rule statements that reference a rule group are RuleGroupReferenceStatement and ManagedRuleGroupStatement .
Set the override action to none to leave the rule group rule actions in effect. Set it to count to only count matches, regardless of the rule action settings.
You must set either this OverrideAction setting or the Action setting, but not both:
Priority
If you define more than one Rule in a WebACL , AWS WAF evaluates each request against the Rules in order based on the value of Priority .
public double Priority { get; set; }Property Value
System.
Remarks
AWS WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.
RuleLabels
Labels to apply to web requests that match the rule match statement.
public object RuleLabels { get; set; }Property Value
System.
Remarks
AWS WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.
Any rule that isn't a rule group reference statement or managed rule group statement can add labels to matching web requests.
Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement .
For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:
For example, myLabelName or nameSpace1:nameSpace2:myLabelName .
Statement
The AWS WAF processing statement for the rule, for example ByteMatchStatement or SizeConstraintStatement .
public object Statement { get; set; }Property Value
System.
Remarks
VisibilityConfig
Defines and enables Amazon CloudWatch metrics and web request sample collection.
public object VisibilityConfig { get; set; }Property Value
System.
Remarks
If you change the name of a Rule after you create it and you want the rule's metric name to reflect the change, update the metric name as well. AWS WAF doesn't automatically update the metric name.