Class: AWS.WAF

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createGeoMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the GeoMatchSet. You can't change Name after you create the GeoMatchSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • GeoMatchSet — (map)

      The GeoMatchSet returned in the CreateGeoMatchSet response. The GeoMatchSet contains no GeoMatchConstraints.

      • GeoMatchSetId — required — (String)

        The GeoMatchSetId for an GeoMatchSet. You use GeoMatchSetId to get information about a GeoMatchSet (see GeoMatchSet), update a GeoMatchSet (see UpdateGeoMatchSet), insert a GeoMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a GeoMatchSet from AWS WAF (see DeleteGeoMatchSet).

        GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.

      • Name — (String)

        A friendly name or description of the GeoMatchSet. You can't change the name of an GeoMatchSet after you create it.

      • GeoMatchConstraints — required — (Array<map>)

        An array of GeoMatchConstraint objects, which contain the country that you want AWS WAF to search for.

        • Type — required — (String)

          The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.

          Possible values include:
          • "Country"
        • Value — required — (String)

          The country that you want AWS WAF to search for.

          Possible values include:
          • "AF"
          • "AX"
          • "AL"
          • "DZ"
          • "AS"
          • "AD"
          • "AO"
          • "AI"
          • "AQ"
          • "AG"
          • "AR"
          • "AM"
          • "AW"
          • "AU"
          • "AT"
          • "AZ"
          • "BS"
          • "BH"
          • "BD"
          • "BB"
          • "BY"
          • "BE"
          • "BZ"
          • "BJ"
          • "BM"
          • "BT"
          • "BO"
          • "BQ"
          • "BA"
          • "BW"
          • "BV"
          • "BR"
          • "IO"
          • "BN"
          • "BG"
          • "BF"
          • "BI"
          • "KH"
          • "CM"
          • "CA"
          • "CV"
          • "KY"
          • "CF"
          • "TD"
          • "CL"
          • "CN"
          • "CX"
          • "CC"
          • "CO"
          • "KM"
          • "CG"
          • "CD"
          • "CK"
          • "CR"
          • "CI"
          • "HR"
          • "CU"
          • "CW"
          • "CY"
          • "CZ"
          • "DK"
          • "DJ"
          • "DM"
          • "DO"
          • "EC"
          • "EG"
          • "SV"
          • "GQ"
          • "ER"
          • "EE"
          • "ET"
          • "FK"
          • "FO"
          • "FJ"
          • "FI"
          • "FR"
          • "GF"
          • "PF"
          • "TF"
          • "GA"
          • "GM"
          • "GE"
          • "DE"
          • "GH"
          • "GI"
          • "GR"
          • "GL"
          • "GD"
          • "GP"
          • "GU"
          • "GT"
          • "GG"
          • "GN"
          • "GW"
          • "GY"
          • "HT"
          • "HM"
          • "VA"
          • "HN"
          • "HK"
          • "HU"
          • "IS"
          • "IN"
          • "ID"
          • "IR"
          • "IQ"
          • "IE"
          • "IM"
          • "IL"
          • "IT"
          • "JM"
          • "JP"
          • "JE"
          • "JO"
          • "KZ"
          • "KE"
          • "KI"
          • "KP"
          • "KR"
          • "KW"
          • "KG"
          • "LA"
          • "LV"
          • "LB"
          • "LS"
          • "LR"
          • "LY"
          • "LI"
          • "LT"
          • "LU"
          • "MO"
          • "MK"
          • "MG"
          • "MW"
          • "MY"
          • "MV"
          • "ML"
          • "MT"
          • "MH"
          • "MQ"
          • "MR"
          • "MU"
          • "YT"
          • "MX"
          • "FM"
          • "MD"
          • "MC"
          • "MN"
          • "ME"
          • "MS"
          • "MA"
          • "MZ"
          • "MM"
          • "NA"
          • "NR"
          • "NP"
          • "NL"
          • "NC"
          • "NZ"
          • "NI"
          • "NE"
          • "NG"
          • "NU"
          • "NF"
          • "MP"
          • "NO"
          • "OM"
          • "PK"
          • "PW"
          • "PS"
          • "PA"
          • "PG"
          • "PY"
          • "PE"
          • "PH"
          • "PN"
          • "PL"
          • "PT"
          • "PR"
          • "QA"
          • "RE"
          • "RO"
          • "RU"
          • "RW"
          • "BL"
          • "SH"
          • "KN"
          • "LC"
          • "MF"
          • "PM"
          • "VC"
          • "WS"
          • "SM"
          • "ST"
          • "SA"
          • "SN"
          • "RS"
          • "SC"
          • "SL"
          • "SG"
          • "SX"
          • "SK"
          • "SI"
          • "SB"
          • "SO"
          • "ZA"
          • "GS"
          • "SS"
          • "ES"
          • "LK"
          • "SD"
          • "SR"
          • "SJ"
          • "SZ"
          • "SE"
          • "CH"
          • "SY"
          • "TW"
          • "TJ"
          • "TZ"
          • "TH"
          • "TL"
          • "TG"
          • "TK"
          • "TO"
          • "TT"
          • "TN"
          • "TR"
          • "TM"
          • "TC"
          • "TV"
          • "UG"
          • "UA"
          • "AE"
          • "GB"
          • "US"
          • "UM"
          • "UY"
          • "UZ"
          • "VU"
          • "VE"
          • "VN"
          • "VG"
          • "VI"
          • "WF"
          • "EH"
          • "YE"
          • "ZM"
          • "ZW"
    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateGeoMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example creates an IP match set named MyIPSetFriendlyName. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  Name: "MyIPSetFriendlyName"
 };
 waf.createIPSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
    IPSet: {
     IPSetDescriptors: [
        {
       Type: "IPV4", 
       Value: "192.0.2.44/32"
      }
     ], 
     IPSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5", 
     Name: "MyIPSetFriendlyName"
    }
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createIPSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the IPSet. You can't change Name after you create the IPSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • IPSet — (map)

      The IPSet returned in the CreateIPSet response.

      • IPSetId — required — (String)

        The IPSetId for an IPSet. You use IPSetId to get information about an IPSet (see GetIPSet), update an IPSet (see UpdateIPSet), insert an IPSet into a Rule or delete one from a Rule (see UpdateRule), and delete an IPSet from AWS WAF (see DeleteIPSet).

        IPSetId is returned by CreateIPSet and by ListIPSets.

      • Name — (String)

        A friendly name or description of the IPSet. You can't change the name of an IPSet after you create it.

      • IPSetDescriptors — required — (Array<map>)

        The IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) that web requests originate from. If the WebACL is associated with a CloudFront distribution and the viewer did not use an HTTP proxy or a load balancer to send the request, this is the value of the c-ip field in the CloudFront access logs.

        • Type — required — (String)

          Specify IPV4 or IPV6.

          Possible values include:
          • "IPV4"
          • "IPV6"
        • Value — required — (String)

          Specify an IPv4 address by using CIDR notation. For example:

          • To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.

          • To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.

          For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

          Specify an IPv6 address by using CIDR notation. For example:

          • To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.

          • To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateIPSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  MetricName: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  RateKey: IP, /* required */
  RateLimit: 'NUMBER_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
waf.createRateBasedRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the RateBasedRule. You can't change the name of a RateBasedRule after you create it.

  • MetricName — (String)

    A friendly name or description for the metrics for this RateBasedRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule.

  • RateKey — (String)

    The field that AWS WAF uses to determine if requests are likely arriving from a single source and thus subject to rate monitoring. The only valid value for RateKey is IP. IP indicates that requests that arrive from the same IP address are subject to the RateLimit that is specified in the RateBasedRule.

    Possible values include:
    • "IP"
  • RateLimit — (Integer)

    The maximum number of requests, which have an identical value in the field that is specified by RateKey, allowed in a five-minute period. If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

  • ChangeToken — (String)

    The ChangeToken that you used to submit the CreateRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

  • Tags — (Array<map>)
    • Key — required — (String)

    • Value — required — (String)

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • Rule — (map)

      The RateBasedRule that is returned in the CreateRateBasedRule response.

      • RuleId — required — (String)

        A unique identifier for a RateBasedRule. You use RuleId to get more information about a RateBasedRule (see GetRateBasedRule), update a RateBasedRule (see UpdateRateBasedRule), insert a RateBasedRule into a WebACL or delete one from a WebACL (see UpdateWebACL), or delete a RateBasedRule from AWS WAF (see DeleteRateBasedRule).

      • Name — (String)

        A friendly name or description for a RateBasedRule. You can't change the name of a RateBasedRule after you create it.

      • MetricName — (String)

        A friendly name or description for the metrics for a RateBasedRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule.

      • MatchPredicates — required — (Array<map>)

        The Predicates object contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a RateBasedRule.

        • Negated — required — (Boolean)

          Set Negated to False if you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address.

          Set Negated to True if you want AWS WAF to allow or block a request based on the negation of the settings in the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.

        • Type — required — (String)

          The type of predicate in a Rule, such as ByteMatch or IPSet.

          Possible values include:
          • "IPMatch"
          • "ByteMatch"
          • "SqlInjectionMatch"
          • "GeoMatch"
          • "SizeConstraint"
          • "XssMatch"
          • "RegexMatch"
        • DataId — required — (String)

          A unique identifier for a predicate in a Rule, such as ByteMatchSetId or IPSetId. The ID is returned by the corresponding Create or List command.

      • RateKey — required — (String)

        The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring. The only valid value for RateKey is IP. IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule.

        Possible values include:
        • "IP"
      • RateLimit — required — (Integer)

        The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createRegexMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the RegexMatchSet. You can't change Name after you create a RegexMatchSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • RegexMatchSet — (map)

      A RegexMatchSet that contains no RegexMatchTuple objects.

      • RegexMatchSetId — (String)

        The RegexMatchSetId for a RegexMatchSet. You use RegexMatchSetId to get information about a RegexMatchSet (see GetRegexMatchSet), update a RegexMatchSet (see UpdateRegexMatchSet), insert a RegexMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a RegexMatchSet from AWS WAF (see DeleteRegexMatchSet).

        RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

      • Name — (String)

        A friendly name or description of the RegexMatchSet. You can't change Name after you create a RegexMatchSet.

      • RegexMatchTuples — (Array<map>)

        Contains an array of RegexMatchTuple objects. Each RegexMatchTuple object contains:

        • The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the User-Agent header.

        • The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, see RegexPatternSet.

        • Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.

        • FieldToMatch — required — (map)

          Specifies where in a web request to look for the RegexPatternSet.

          • Type — required — (String)

            The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

            • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.

            • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

            • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.

            • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

            • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

            • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.

            • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will inspect all parameters within the query for the value or regex pattern that you specify in TargetString.

            Possible values include:
            • "URI"
            • "QUERY_STRING"
            • "HEADER"
            • "METHOD"
            • "BODY"
            • "SINGLE_QUERY_ARG"
            • "ALL_QUERY_ARGS"
          • Data — (String)

            When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. The name of the header is not case sensitive.

            When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter that you want AWS WAF to search, for example, UserName or SalesRegion. The parameter name is not case sensitive.

            If the value of Type is any other value, omit Data.

        • TextTransformation — required — (String)

          Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on RegexPatternSet before inspecting a request for a match.

          You can only specify a single type of TextTransformation.

          CMD_LINE

          When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

          • Delete the following characters: \ " ' ^

          • Delete spaces before the following characters: / (

          • Replace the following characters with a space: , ;

          • Replace multiple spaces with one space

          • Convert uppercase letters (A-Z) to lowercase (a-z)

          COMPRESS_WHITE_SPACE

          Use this option to replace the following characters with a space character (decimal 32):

          • \f, formfeed, decimal 12

          • \t, tab, decimal 9

          • \n, newline, decimal 10

          • \r, carriage return, decimal 13

          • \v, vertical tab, decimal 11

          • non-breaking space, decimal 160

          COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

          HTML_ENTITY_DECODE

          Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

          • Replaces (ampersand)quot; with "

          • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160

          • Replaces (ampersand)lt; with a "less than" symbol

          • Replaces (ampersand)gt; with >

          • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters

          • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

          LOWERCASE

          Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

          URL_DECODE

          Use this option to decode a URL-encoded value.

          NONE

          Specify NONE if you don't want to perform any text transformations.

          Possible values include:
          • "NONE"
          • "COMPRESS_WHITE_SPACE"
          • "HTML_ENTITY_DECODE"
          • "LOWERCASE"
          • "CMD_LINE"
          • "URL_DECODE"
        • RegexPatternSetId — required — (String)

          The RegexPatternSetId for a RegexPatternSet. You use RegexPatternSetId to get information about a RegexPatternSet (see GetRegexPatternSet), update a RegexPatternSet (see UpdateRegexPatternSet), insert a RegexPatternSet into a RegexMatchSet or delete one from a RegexMatchSet (see UpdateRegexMatchSet), and delete an RegexPatternSet from AWS WAF (see DeleteRegexPatternSet).

          RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateRegexMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createRegexPatternSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the RegexPatternSet. You can't change Name after you create a RegexPatternSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • RegexPatternSet — (map)

      A RegexPatternSet that contains no objects.

      • RegexPatternSetId — required — (String)

        The identifier for the RegexPatternSet. You use RegexPatternSetId to get information about a RegexPatternSet, update a RegexPatternSet, remove a RegexPatternSet from a RegexMatchSet, and delete a RegexPatternSet from AWS WAF.

        RegexMatchSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

      • Name — (String)

        A friendly name or description of the RegexPatternSet. You can't change Name after you create a RegexPatternSet.

      • RegexPatternStrings — required — (Array<String>)

        Specifies the regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateRegexPatternSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example creates a rule named WAFByteHeaderRule. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  MetricName: "WAFByteHeaderRule", 
  Name: "WAFByteHeaderRule"
 };
 waf.createRule(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
    Rule: {
     MetricName: "WAFByteHeaderRule", 
     Name: "WAFByteHeaderRule", 
     Predicates: [
        {
       DataId: "MyByteMatchSetID", 
       Negated: false, 
       Type: "ByteMatch"
      }
     ], 
     RuleId: "WAFRule-1-Example"
    }
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  MetricName: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
waf.createRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the Rule. You can't change the name of a Rule after you create it.

  • MetricName — (String)

    A friendly name or description for the metrics for this Rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the Rule.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

  • Tags — (Array<map>)
    • Key — required — (String)

    • Value — required — (String)

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • Rule — (map)

      The Rule returned in the CreateRule response.

      • RuleId — required — (String)

        A unique identifier for a Rule. You use RuleId to get more information about a Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL or delete a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).

        RuleId is returned by CreateRule and by ListRules.

      • Name — (String)

        The friendly name or description for the Rule. You can't change the name of a Rule after you create it.

      • MetricName — (String)

        A friendly name or description for the metrics for this Rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change MetricName after you create the Rule.

      • Predicates — required — (Array<map>)

        The Predicates object contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a Rule.

        • Negated — required — (Boolean)

          Set Negated to False if you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address.

          Set Negated to True if you want AWS WAF to allow or block a request based on the negation of the settings in the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.

        • Type — required — (String)

          The type of predicate in a Rule, such as ByteMatch or IPSet.

          Possible values include:
          • "IPMatch"
          • "ByteMatch"
          • "SqlInjectionMatch"
          • "GeoMatch"
          • "SizeConstraint"
          • "XssMatch"
          • "RegexMatch"
        • DataId — required — (String)

          A unique identifier for a predicate in a Rule, such as ByteMatchSetId or IPSetId. The ID is returned by the corresponding Create or List command.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  MetricName: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
waf.createRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the RuleGroup. You can't change Name after you create a RuleGroup.

  • MetricName — (String)

    A friendly name or description for the metrics for this RuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RuleGroup.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

  • Tags — (Array<map>)
    • Key — required — (String)

    • Value — required — (String)

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • RuleGroup — (map)

      An empty RuleGroup.

      • RuleGroupId — required — (String)

        A unique identifier for a RuleGroup. You use RuleGroupId to get more information about a RuleGroup (see GetRuleGroup), update a RuleGroup (see UpdateRuleGroup), insert a RuleGroup into a WebACL or delete a one from a WebACL (see UpdateWebACL), or delete a RuleGroup from AWS WAF (see DeleteRuleGroup).

        RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

      • Name — (String)

        The friendly name or description for the RuleGroup. You can't change the name of a RuleGroup after you create it.

      • MetricName — (String)

        A friendly name or description for the metrics for this RuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RuleGroup.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateRuleGroup request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example creates size constraint set named MySampleSizeConstraintSet. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  Name: "MySampleSizeConstraintSet"
 };
 waf.createSizeConstraintSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
    SizeConstraintSet: {
     Name: "MySampleSizeConstraintSet", 
     SizeConstraintSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5", 
     SizeConstraints: [
        {
       ComparisonOperator: "GT", 
       FieldToMatch: {
        Type: "QUERY_STRING"
       }, 
       Size: 0, 
       TextTransformation: "NONE"
      }
     ]
    }
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createSizeConstraintSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the SizeConstraintSet. You can't change Name after you create a SizeConstraintSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • SizeConstraintSet — (map)

      A SizeConstraintSet that contains no SizeConstraint objects.

      • SizeConstraintSetId — required — (String)

        A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet), update a SizeConstraintSet (see UpdateSizeConstraintSet), insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet).

        SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

      • Name — (String)

        The name, if any, of the SizeConstraintSet.

      • SizeConstraints — required — (Array<map>)

        Specifies the parts of web requests that you want to inspect the size of.

        • FieldToMatch — required — (map)

          Specifies where in a web request to look for the size constraint.

          • Type — required — (String)

            The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

            • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.

            • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

            • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.

            • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

            • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

            • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.

            • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will inspect all parameters within the query for the value or regex pattern that you specify in TargetString.

            Possible values include:
            • "URI"
            • "QUERY_STRING"
            • "HEADER"
            • "METHOD"
            • "BODY"
            • "SINGLE_QUERY_ARG"
            • "ALL_QUERY_ARGS"
          • Data — (String)

            When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. The name of the header is not case sensitive.

            When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter that you want AWS WAF to search, for example, UserName or SalesRegion. The parameter name is not case sensitive.

            If the value of Type is any other value, omit Data.

        • TextTransformation — required — (String)

          Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

          You can only specify a single type of TextTransformation.

          Note that if you choose BODY for the value of Type, you must choose NONE for TextTransformation because CloudFront forwards only the first 8192 bytes for inspection.

          NONE

          Specify NONE if you don't want to perform any text transformations.

          CMD_LINE

          When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

          • Delete the following characters: \ " ' ^

          • Delete spaces before the following characters: / (

          • Replace the following characters with a space: , ;

          • Replace multiple spaces with one space

          • Convert uppercase letters (A-Z) to lowercase (a-z)

          COMPRESS_WHITE_SPACE

          Use this option to replace the following characters with a space character (decimal 32):

          • \f, formfeed, decimal 12

          • \t, tab, decimal 9

          • \n, newline, decimal 10

          • \r, carriage return, decimal 13

          • \v, vertical tab, decimal 11

          • non-breaking space, decimal 160

          COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

          HTML_ENTITY_DECODE

          Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

          • Replaces (ampersand)quot; with "

          • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160

          • Replaces (ampersand)lt; with a "less than" symbol

          • Replaces (ampersand)gt; with >

          • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters

          • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

          LOWERCASE

          Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

          URL_DECODE

          Use this option to decode a URL-encoded value.

          Possible values include:
          • "NONE"
          • "COMPRESS_WHITE_SPACE"
          • "HTML_ENTITY_DECODE"
          • "LOWERCASE"
          • "CMD_LINE"
          • "URL_DECODE"
        • ComparisonOperator — required — (String)

          The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the provided Size and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch". If that expression is true, the SizeConstraint is considered to match.

          EQ: Used to test if the Size is equal to the size of the FieldToMatch

          NE: Used to test if the Size is not equal to the size of the FieldToMatch

          LE: Used to test if the Size is less than or equal to the size of the FieldToMatch

          LT: Used to test if the Size is strictly less than the size of the FieldToMatch

          GE: Used to test if the Size is greater than or equal to the size of the FieldToMatch

          GT: Used to test if the Size is strictly greater than the size of the FieldToMatch

          Possible values include:
          • "EQ"
          • "NE"
          • "LE"
          • "LT"
          • "GE"
          • "GT"
        • Size — required — (Integer)

          The size in bytes that you want AWS WAF to compare against the size of the specified FieldToMatch. AWS WAF uses this in combination with ComparisonOperator and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch". If that expression is true, the SizeConstraint is considered to match.

          Valid values for size are 0 - 21474836480 bytes (0 - 20 GB).

          If you specify URI for the value of Type, the / in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example creates a SQL injection match set named MySQLInjectionMatchSet. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  Name: "MySQLInjectionMatchSet"
 };
 waf.createSqlInjectionMatchSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
    SqlInjectionMatchSet: {
     Name: "MySQLInjectionMatchSet", 
     SqlInjectionMatchSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5", 
     SqlInjectionMatchTuples: [
        {
       FieldToMatch: {
        Type: "QUERY_STRING"
       }, 
       TextTransformation: "URL_DECODE"
      }
     ]
    }
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createSqlInjectionMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description for the SqlInjectionMatchSet that you're creating. You can't change Name after you create the SqlInjectionMatchSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • SqlInjectionMatchSet — (map)

      A SqlInjectionMatchSet.

      • SqlInjectionMatchSetId — required — (String)

        A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet), insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet).

        SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

      • Name — (String)

        The name, if any, of the SqlInjectionMatchSet.

      • SqlInjectionMatchTuples — required — (Array<map>)

        Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.

        • FieldToMatch — required — (map)

          Specifies where in a web request to look for snippets of malicious SQL code.

          • Type — required — (String)

            The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

            • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.

            • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

            • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.

            • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

            • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

            • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.

            • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will inspect all parameters within the query for the value or regex pattern that you specify in TargetString.

            Possible values include:
            • "URI"
            • "QUERY_STRING"
            • "HEADER"
            • "METHOD"
            • "BODY"
            • "SINGLE_QUERY_ARG"
            • "ALL_QUERY_ARGS"
          • Data — (String)

            When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. The name of the header is not case sensitive.

            When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter that you want AWS WAF to search, for example, UserName or SalesRegion. The parameter name is not case sensitive.

            If the value of Type is any other value, omit Data.

        • TextTransformation — required — (String)

          Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

          You can only specify a single type of TextTransformation.

          CMD_LINE

          When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

          • Delete the following characters: \ " ' ^

          • Delete spaces before the following characters: / (

          • Replace the following characters with a space: , ;

          • Replace multiple spaces with one space

          • Convert uppercase letters (A-Z) to lowercase (a-z)

          COMPRESS_WHITE_SPACE

          Use this option to replace the following characters with a space character (decimal 32):

          • \f, formfeed, decimal 12

          • \t, tab, decimal 9

          • \n, newline, decimal 10

          • \r, carriage return, decimal 13

          • \v, vertical tab, decimal 11

          • non-breaking space, decimal 160

          COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

          HTML_ENTITY_DECODE

          Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

          • Replaces (ampersand)quot; with "

          • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160

          • Replaces (ampersand)lt; with a "less than" symbol

          • Replaces (ampersand)gt; with >

          • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters

          • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

          LOWERCASE

          Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

          URL_DECODE

          Use this option to decode a URL-encoded value.

          NONE

          Specify NONE if you don't want to perform any text transformations.

          Possible values include:
          • "NONE"
          • "COMPRESS_WHITE_SPACE"
          • "HTML_ENTITY_DECODE"
          • "LOWERCASE"
          • "CMD_LINE"
          • "URL_DECODE"
    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateSqlInjectionMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example creates a web ACL named CreateExample. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  DefaultAction: {
   Type: "ALLOW"
  }, 
  MetricName: "CreateExample", 
  Name: "CreateExample"
 };
 waf.createWebACL(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
    WebACL: {
     DefaultAction: {
      Type: "ALLOW"
     }, 
     MetricName: "CreateExample", 
     Name: "CreateExample", 
     Rules: [
        {
       Action: {
        Type: "ALLOW"
       }, 
       Priority: 1, 
       RuleId: "WAFRule-1-Example"
      }
     ], 
     WebACLId: "example-46da-4444-5555-example"
    }
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  DefaultAction: { /* required */
    Type: BLOCK | ALLOW | COUNT /* required */
  },
  MetricName: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE', /* required */
  Tags: [
    {
      Key: 'STRING_VALUE', /* required */
      Value: 'STRING_VALUE' /* required */
    },
    /* more items */
  ]
};
waf.createWebACL(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description of the WebACL. You can't change Name after you create the WebACL.

  • MetricName — (String)

    A friendly name or description for the metrics for this WebACL.The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change MetricName after you create the WebACL.

  • DefaultAction — (map)

    The action that you want AWS WAF to take when a request doesn't match the criteria specified in any of the Rule objects that are associated with the WebACL.

    • Type — required — (String)

      Specifies how you want AWS WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

      • ALLOW: AWS WAF allows requests

      • BLOCK: AWS WAF blocks requests

      • COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.

      Possible values include:
      • "BLOCK"
      • "ALLOW"
      • "COUNT"
  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

  • Tags — (Array<map>)
    • Key — required — (String)

    • Value — required — (String)

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • WebACL — (map)

      The WebACL returned in the CreateWebACL response.

      • WebACLId — required — (String)

        A unique identifier for a WebACL. You use WebACLId to get information about a WebACL (see GetWebACL), update a WebACL (see UpdateWebACL), and delete a WebACL from AWS WAF (see DeleteWebACL).

        WebACLId is returned by CreateWebACL and by ListWebACLs.

      • Name — (String)

        A friendly name or description of the WebACL. You can't change the name of a WebACL after you create it.

      • MetricName — (String)

        A friendly name or description for the metrics for this WebACL. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change MetricName after you create the WebACL.

      • DefaultAction — required — (map)

        The action to perform if none of the Rules contained in the WebACL match. The action is specified by the WafAction object.

        • Type — required — (String)

          Specifies how you want AWS WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

          • ALLOW: AWS WAF allows requests

          • BLOCK: AWS WAF blocks requests

          • COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.

          Possible values include:
          • "BLOCK"
          • "ALLOW"
          • "COUNT"
      • Rules — required — (Array<map>)

        An array that contains the action for each Rule in a WebACL, the priority of the Rule, and the ID of the Rule.

        • Priority — required — (Integer)

          Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value for Priority are evaluated before Rules with a higher value. The value must be a unique integer. If you add multiple Rules to a WebACL, the values don't need to be consecutive.

        • RuleId — required — (String)

          The RuleId for a Rule. You use RuleId to get more information about a Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL or delete a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).

          RuleId is returned by CreateRule and by ListRules.

        • Action — (map)

          Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule. Valid values for Action include the following:

          • ALLOW: CloudFront responds with the requested object.

          • BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.

          • COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.

          ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case, you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

          • Type — required — (String)

            Specifies how you want AWS WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

            • ALLOW: AWS WAF allows requests

            • BLOCK: AWS WAF blocks requests

            • COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.

            Possible values include:
            • "BLOCK"
            • "ALLOW"
            • "COUNT"
        • OverrideAction — (map)

          Use the OverrideAction to test your RuleGroup.

          Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup will block a request if any individual rule in the RuleGroup matches the request and is configured to block that request. However if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup will then override any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted requests using GetSampledRequests.

          ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

          • Type — required — (String)

            COUNT overrides the action specified by the individual rule within a RuleGroup . If set to NONE, the rule's action will take place.

            Possible values include:
            • "NONE"
            • "COUNT"
        • Type — (String)

          The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID, which does not exist.

          Possible values include:
          • "REGULAR"
          • "RATE_BASED"
          • "GROUP"
        • ExcludedRules — (Array<map>)

          An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule refers to a RuleGroup.

          Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). One troubleshooting technique is to identify the specific rule within the rule group that is blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL.

          Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the action for the rules to COUNT. Therefore, requests that match an ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT metrics for each ExcludedRule.

          If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following steps:

          1. Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the logs, see Logging Web ACL Traffic Information.

          2. Submit an UpdateWebACL request that has two actions:

             • The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request, the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want to exclude.

             • The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be the rule group that you just removed, and ExcludedRules should contain the rules that you want to exclude.

          • RuleId — required — (String)

            The unique identifier for the rule to exclude from the rule group.

      • WebACLArn — (String)

        Tha Amazon Resource Name (ARN) of the web ACL.

    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateWebACL request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  IgnoreUnsupportedType: true || false, /* required */
  S3BucketName: 'STRING_VALUE', /* required */
  WebACLId: 'STRING_VALUE' /* required */
};
waf.createWebACLMigrationStack(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • WebACLId — (String)

    The UUID of the WAF Classic web ACL that you want to migrate to WAF v2.

  • S3BucketName — (String)

    The name of the Amazon S3 bucket to store the CloudFormation template in. The S3 bucket must be configured as follows for the migration:

    • The bucket name must start with aws-waf-migration-. For example, aws-waf-migration-my-web-acl.

    • The bucket must be in the Region where you are deploying the template. For example, for a web ACL in us-west-2, you must use an Amazon S3 bucket in us-west-2 and you must deploy the template stack to us-west-2.

    • The bucket policies must permit the migration process to write data. For listings of the bucket policies, see the Examples section.

  • IgnoreUnsupportedType — (Boolean)

    Indicates whether to exclude entities that can't be migrated or to stop the migration. Set this to true to ignore unsupported entities in the web ACL during the migration. Otherwise, if AWS WAF encounters unsupported entities, it stops the process and throws an exception.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • S3ObjectUrl — (String)

      The URL of the template created in Amazon S3.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example creates an XSS match set named MySampleXssMatchSet. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  Name: "MySampleXssMatchSet"
 };
 waf.createXssMatchSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
    XssMatchSet: {
     Name: "MySampleXssMatchSet", 
     XssMatchSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5", 
     XssMatchTuples: [
        {
       FieldToMatch: {
        Type: "QUERY_STRING"
       }, 
       TextTransformation: "URL_DECODE"
      }
     ]
    }
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  Name: 'STRING_VALUE' /* required */
};
waf.createXssMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • Name — (String)

    A friendly name or description for the XssMatchSet that you're creating. You can't change Name after you create the XssMatchSet.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • XssMatchSet — (map)

      An XssMatchSet.

      • XssMatchSetId — required — (String)

        A unique identifier for an XssMatchSet. You use XssMatchSetId to get information about an XssMatchSet (see GetXssMatchSet), update an XssMatchSet (see UpdateXssMatchSet), insert an XssMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete an XssMatchSet from AWS WAF (see DeleteXssMatchSet).

        XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

      • Name — (String)

        The name, if any, of the XssMatchSet.

      • XssMatchTuples — required — (Array<map>)

        Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.

        • FieldToMatch — required — (map)

          Specifies where in a web request to look for cross-site scripting attacks.

          • Type — required — (String)

            The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

            • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.

            • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

            • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.

            • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

            • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

            • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.

            • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will inspect all parameters within the query for the value or regex pattern that you specify in TargetString.

            Possible values include:
            • "URI"
            • "QUERY_STRING"
            • "HEADER"
            • "METHOD"
            • "BODY"
            • "SINGLE_QUERY_ARG"
            • "ALL_QUERY_ARGS"
          • Data — (String)

            When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. The name of the header is not case sensitive.

            When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter that you want AWS WAF to search, for example, UserName or SalesRegion. The parameter name is not case sensitive.

            If the value of Type is any other value, omit Data.

        • TextTransformation — required — (String)

          Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

          You can only specify a single type of TextTransformation.

          CMD_LINE

          When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

          • Delete the following characters: \ " ' ^

          • Delete spaces before the following characters: / (

          • Replace the following characters with a space: , ;

          • Replace multiple spaces with one space

          • Convert uppercase letters (A-Z) to lowercase (a-z)

          COMPRESS_WHITE_SPACE

          Use this option to replace the following characters with a space character (decimal 32):

          • \f, formfeed, decimal 12

          • \t, tab, decimal 9

          • \n, newline, decimal 10

          • \r, carriage return, decimal 13

          • \v, vertical tab, decimal 11

          • non-breaking space, decimal 160

          COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

          HTML_ENTITY_DECODE

          Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

          • Replaces (ampersand)quot; with "

          • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160

          • Replaces (ampersand)lt; with a "less than" symbol

          • Replaces (ampersand)gt; with >

          • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters

          • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

          LOWERCASE

          Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

          URL_DECODE

          Use this option to decode a URL-encoded value.

          NONE

          Specify NONE if you don't want to perform any text transformations.

          Possible values include:
          • "NONE"
          • "COMPRESS_WHITE_SPACE"
          • "HTML_ENTITY_DECODE"
          • "LOWERCASE"
          • "CMD_LINE"
          • "URL_DECODE"
    • ChangeToken — (String)

      The ChangeToken that you used to submit the CreateXssMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes a byte match set with the ID exampleIDs3t-46da-4fdb-b8d5-abc321j569j5. */

 var params = {
  ByteMatchSetId: "exampleIDs3t-46da-4fdb-b8d5-abc321j569j5", 
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
 };
 waf.deleteByteMatchSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ByteMatchSetId: 'STRING_VALUE', /* required */
  ChangeToken: 'STRING_VALUE' /* required */
};
waf.deleteByteMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • ByteMatchSetId — (String)

    The ByteMatchSetId of the ByteMatchSet that you want to delete. ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteByteMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  GeoMatchSetId: 'STRING_VALUE' /* required */
};
waf.deleteGeoMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • GeoMatchSetId — (String)

    The GeoMatchSetID of the GeoMatchSet that you want to delete. GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteGeoMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes an IP match set  with the ID example1ds3t-46da-4fdb-b8d5-abc321j569j5. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  IPSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5"
 };
 waf.deleteIPSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  IPSetId: 'STRING_VALUE' /* required */
};
waf.deleteIPSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • IPSetId — (String)

    The IPSetId of the IPSet that you want to delete. IPSetId is returned by CreateIPSet and by ListIPSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteIPSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ResourceArn: 'STRING_VALUE' /* required */
};
waf.deleteLoggingConfiguration(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • ResourceArn — (String)

    The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ResourceArn: 'STRING_VALUE' /* required */
};
waf.deletePermissionPolicy(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • ResourceArn — (String)

    The Amazon Resource Name (ARN) of the RuleGroup from which you want to delete the policy.

    The user making the request must be the owner of the RuleGroup.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  RuleId: 'STRING_VALUE' /* required */
};
waf.deleteRateBasedRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • RuleId — (String)

    The RuleId of the RateBasedRule that you want to delete. RuleId is returned by CreateRateBasedRule and by ListRateBasedRules.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  RegexMatchSetId: 'STRING_VALUE' /* required */
};
waf.deleteRegexMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • RegexMatchSetId — (String)

    The RegexMatchSetId of the RegexMatchSet that you want to delete. RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteRegexMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  RegexPatternSetId: 'STRING_VALUE' /* required */
};
waf.deleteRegexPatternSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • RegexPatternSetId — (String)

    The RegexPatternSetId of the RegexPatternSet that you want to delete. RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteRegexPatternSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes a rule with the ID WAFRule-1-Example. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  RuleId: "WAFRule-1-Example"
 };
 waf.deleteRule(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  RuleId: 'STRING_VALUE' /* required */
};
waf.deleteRule(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • RuleId — (String)

    The RuleId of the Rule that you want to delete. RuleId is returned by CreateRule and by ListRules.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  RuleGroupId: 'STRING_VALUE' /* required */
};
waf.deleteRuleGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • RuleGroupId — (String)

    The RuleGroupId of the RuleGroup that you want to delete. RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteRuleGroup request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes a size constraint set  with the ID example1ds3t-46da-4fdb-b8d5-abc321j569j5. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  SizeConstraintSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5"
 };
 waf.deleteSizeConstraintSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  SizeConstraintSetId: 'STRING_VALUE' /* required */
};
waf.deleteSizeConstraintSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • SizeConstraintSetId — (String)

    The SizeConstraintSetId of the SizeConstraintSet that you want to delete. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes a SQL injection match set  with the ID example1ds3t-46da-4fdb-b8d5-abc321j569j5. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  SqlInjectionMatchSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5"
 };
 waf.deleteSqlInjectionMatchSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  SqlInjectionMatchSetId: 'STRING_VALUE' /* required */
};
waf.deleteSqlInjectionMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • SqlInjectionMatchSetId — (String)

    The SqlInjectionMatchSetId of the SqlInjectionMatchSet that you want to delete. SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteSqlInjectionMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes a web ACL with the ID example-46da-4444-5555-example. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  WebACLId: "example-46da-4444-5555-example"
 };
 waf.deleteWebACL(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  WebACLId: 'STRING_VALUE' /* required */
};
waf.deleteWebACL(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • WebACLId — (String)

    The WebACLId of the WebACL that you want to delete. WebACLId is returned by CreateWebACL and by ListWebACLs.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteWebACL request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example deletes an XSS match set with the ID example1ds3t-46da-4fdb-b8d5-abc321j569j5. */

 var params = {
  ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f", 
  XssMatchSetId: "example1ds3t-46da-4fdb-b8d5-abc321j569j5"
 };
 waf.deleteXssMatchSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ChangeToken: "abcd12f2-46da-4fdb-b8d5-fbd4c466928f"
   }
   */
 });

var params = {
  ChangeToken: 'STRING_VALUE', /* required */
  XssMatchSetId: 'STRING_VALUE' /* required */
};
waf.deleteXssMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • XssMatchSetId — (String)

    The XssMatchSetId of the XssMatchSet that you want to delete. XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

  • ChangeToken — (String)

    The value returned by the most recent call to GetChangeToken.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ChangeToken — (String)

      The ChangeToken that you used to submit the DeleteXssMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Returns:

• (AWS.Request) —

  a handle to the operation request for subsequent event callback registration.

/* The following example returns the details of a byte match set with the ID exampleIDs3t-46da-4fdb-b8d5-abc321j569j5. */

 var params = {
  ByteMatchSetId: "exampleIDs3t-46da-4fdb-b8d5-abc321j569j5"
 };
 waf.getByteMatchSet(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    ByteMatchSet: {
     ByteMatchSetId: "exampleIDs3t-46da-4fdb-b8d5-abc321j569j5", 
     ByteMatchTuples: [
        {
       FieldToMatch: {
        Data: "referer", 
        Type: "HEADER"
       }, 
       PositionalConstraint: "CONTAINS", 
       TargetString: <Binary String>, 
       TextTransformation: "NONE"
      }
     ], 
     Name: "ByteMatchNameExample"
    }
   }
   */
 });

var params = {
  ByteMatchSetId: 'STRING_VALUE' /* required */
};
waf.getByteMatchSet(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

• params (Object) (defaults to: {}) —
  • ByteMatchSetId — (String)

    The ByteMatchSetId of the ByteMatchSet that you want to get. ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

Callback (callback):

• function(err, data) { ... }

  Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

  Context (this):

  • (AWS.Response) —

    the response object containing error, data properties, and the original request object.

  Parameters:

  • err (Error) —

    the error object returned from the request. Set to null if the request is successful.

  • data (Object) —

    the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

    • ByteMatchSet — (map)

      Information about the ByteMatchSet that you specified in the GetByteMatchSet request. For more information, see the following topics:

      • ByteMatchSet: Contains ByteMatchSetId, ByteMatchTuples, and Name

      • ByteMatchTuples: Contains an array of ByteMatchTuple objects. Each ByteMatchTuple object contains FieldToMatch, PositionalConstraint, TargetString, and TextTransformation

      • FieldToMatch: Contains Data and Type

      • ByteMatchSetId — required — (String)

        The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information about a ByteMatchSet (see GetByteMatchSet), update a ByteMatchSet (see UpdateByteMatchSet), insert a ByteMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a ByteMatchSet from AWS WAF (see DeleteByteMatchSet).

        ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

      • Name — (String)

        A friendly name or description of the ByteMatchSet. You can't change Name after you create a ByteMatchSet.

      • ByteMatchTuples — required — (Array<map>)

        Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.

        • FieldToMatch — required — (map)

          The part of a web request that you want AWS WAF to search, such as a specified header or a query string. For more information, see FieldToMatch.

          • Type — required — (String)

            The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

            • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.

            • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

            • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.

            • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

            • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

            • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.

            • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will inspect all parameters within the query for the value or regex pattern that you specify in TargetString.

            Possible values include:
            • "URI"
            • "QUERY_STRING"
            • "HEADER"
            • "METHOD"
            • "BODY"
            • "SINGLE_QUERY_ARG"
            • "ALL_QUERY_ARGS"
          • Data — (String)

            When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. The name of the header is not case sensitive.

            When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter that you want AWS WAF to search, for example, UserName or SalesRegion. The parameter name is not case sensitive.

            If the value of Type is any other value, omit Data.

        • TargetString — required — (Buffer, Typed Array, Blob, String)

          The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified in FieldToMatch. The maximum length of the value is 50 bytes.

          Valid values depend on the values that you specified for FieldToMatch:

          • HEADER: The value that you want AWS WAF to search for in the request header that you specified in FieldToMatch, for example, the value of the User-Agent or Referer header.

          • METHOD: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

          • QUERY_STRING: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a ? character.

          • URI: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example, /images/daily-ad.jpg.

          • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

          • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.

          • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but instead of inspecting a single parameter, AWS WAF inspects all parameters within the query string for the value or regex pattern that you specify in TargetString.

          If TargetString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.

          If you're using the AWS WAF API

          Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes.

          For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of TargetString.

          If you're using the AWS CLI or one of the AWS SDKs

          The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.

        • TextTransformation — required — (String)

          Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

          You can only specify a single type of TextTransformation.

          CMD_LINE

          When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

          • Delete the following characters: \ " ' ^

          • Delete spaces before the following characters: / (

          • Replace the following characters with a space: , ;

          • Replace multiple spaces with one space

          • Convert uppercase letters (A-Z) to lowercase (a-z)

          COMPRESS_WHITE_SPACE

          Use this option to replace the following characters with a space character (decimal 32):

          • \f, formfeed, decimal 12

          • \t, tab, decimal 9

          • \n, newline, decimal 10

          • \r, carriage return, decimal 13

          • \v, vertical tab, decimal 11

          • non-breaking space, decimal 160

          COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

          HTML_ENTITY_DECODE

          Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

          • Replaces (ampersand)quot; with "

          • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160

          • Replaces (ampersand)lt; with a "less than" symbol

          • Replaces (ampersand)gt; with >

          • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters

          • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

          LOWERCASE

          Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

          URL_DECODE

          Use this option to decode a URL-encoded value.

          NONE

          Specify NONE if you don't want to perform any text transformations.

          Possible values include:
          • "NONE"
          • "COMPRESS_WHITE_SPACE"
          • "HTML_ENTITY_DECODE"
          • "LOWERCASE"
          • "CMD_LINE"
          • "URL_DECODE"
        • PositionalConstraint — required — (String)

          Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following:

          CONTAINS

          The specified part of the web request must include the value of TargetString, but the location doesn't matter.

          CONTAINS_WORD

          The specified part of the web request must include the value of TargetString, and TargetString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or ). In addition, TargetString must be a word, which means one of the following:

          • TargetString exactly matches the value of the specified part of the web request, such as the value of a header.

          • TargetString is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (), for example, BadBot;.

          • TargetString is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (), for example, ;BadBot.

          • TargetString is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (), for example, -BadBot;.

          EXACTLY

          The value of the specified part of the web request must exactly match the value of TargetString.

          STARTS_WITH

          The value of TargetString must appear at the beginning of the specified part of the web request.

          ENDS_WITH

          The value of TargetString must appear at the end of the specified part of the web request.

          Possible values include:
          • "EXACTLY"
          • "STARTS_WITH"
          • "ENDS_WITH"
          • "CONTAINS"
          • "CONTAINS_WORD"